Have you checked that the Zscaler Certificate is not present in the Certificate Store on the Server.
You can only browse the internet with SSL inspection if the certificate is present.
You can check the Padlock on the browser bar or view the developer tools security tab to see the certificate chain of the visited website.
If the Zscaler certificate is not present, you definitely should get an security message on the browser session. Applications can work fine if they don’t validate the CA, but this is very likely.
Untrusted server certificate in bypass might be related. User will have the opportunity to allow the untrusted / self signed server certificate presented to the user, same as without Zscaler. These are then added to the trusted certificates on the server. But if you visit a random site you should get a message that the certificate is untrusted.
It will still be intercepted and signed by the Zscaler CA, because we will create a untrusted certificate for the website that has an untrusted server certificate.
So, there must be a reason for this. Do you see the same on all servers or just one?