Zscaler App ends in Connection Error with Egypt ISP

We have a team in Egypt whose Zscaler app ends in connection error. We have open access to internet and no restriction in our network/security devices. Does anyone experienced any issue from Egypt ?

Regards
Ganesh Krishnan

1 Like

Hi Ganesh,

Is it possible to test from a different network/ISP? If so, does the error persist? You can of course also open a ticket through the Zscaler portal and work with Zscaler support to provide the relevant Z App logs in order to troubleshoot.

…Came across such issue a while back.
I believe we ended up setting up VPN to Zscaler using OpenVPN or such software from the endpoint.

ZAPP uses CONNECT method to connect to ZEN and local ISP block any CONNECT requests leaving the country hence it will not work. DTLS might change this with ZAPP 2.0. I have not tested though.

Kind regards,

Yogi

Hi Ganesh,

Also if you haven’t already it would be good to open a support ticket with logs so engineering and support can take a look. We might be able to figure out why it’s blocked.

If you’ve already done this, please let me know the ticket number.

Regards

David

we have had same issue on v1.5. it was not limited to just one country. users across globe were reporting connection error message. zapp2.0 has fixed it but we dont know the root cause

We have same issue for our Team in Egypt Country. Problem seems occur mostly on mobile ISP.
I already opened tickets to support but no solution yet.
I will update here if some positive change will happen.

ISPs may use port 80 for some other purpose.
Try with 8080 or 443 in proxy return statement on App profile PAC file.

I do have same problem, our team in Egypt getting error while using Zscaler. how to optain Zapp2.0?, I face same problem across all ISPs in Egypt

I opened a ticket with Zscaler. Engineer was able to collect evidence showing CONNECT request never got response. We shared it to ISP however it takes more time to get response from them.

Regards
Ganesh Krishnan

Have you got any update from ISP.?

No Update yet. Strangely i had 3 similar individual issues reported from home users, two from London and one from South Korea . Their local ISP couldn’t do much. I see plenty of Re-transmission packets to Zscaler.

Regards
Ganesh Krishnan

Hello,

We do have same issues in Egypt. Any feedback or solution?

Regards

For Egypt we plan to use a Service Edge for ZIA and eventually a Private Broker for ZPA.

Hi Karol,

Most of the issues in this thread came from CONNECT requests being blocked within the country. Some customers found a solution to this was to use Ztunnel 2.0, which doesn’t use CONNECT requests. If you’d like to try this, can you reach out to your zscaler contact and request this?

Regards

David

2 Likes

Hello David,

You mean to have change tunnel version from 1.0 to 2.0? It is major change?

Regards

i got standard response. “like we don’t block any traffic and sharing ping to www.zscaler.com saying connectivity is available” :frowning:

Version 2.0 is not rolled out in our production cloud. we could see its enabled only in our Beta cloud. so we ran out of option.

Hi Ganesh,

Zapp 2.0 can be enabled by request after we review the customer background. Suggest you to reach the ZScaler SE supporting you to review your request.

Jones