just solved one issue which haunted us last week: we had 3 (homeoffice) users having trouble connecting to ZPA, Sharepoint Online, sometimes Outlook just disconnected and various unspecific laggy performance when ZCC was in place. No issues with their private PCs. Since we found no salvation in configuring all possible profiles-settings we switched back to ZTunnel 1.0, what immediatly solved the issue. But as we do not want to use ZTunnel 1.0 anymore I found no peace
Via some extra work and asking users about their providers we found that all these users had one thing in common in their homeoffices: a Vodafone Cable Broadband Internet Access (via Coax).
As one of the differences between ZTunnel 1.0 and 2.0 is usage of TCP vs UDP (by default DTLS) we forced this users via fwd-profile settings to use TLS. Although this is a fallback option for DTLS it seems it never fell back to TLS automatically, maybe because it worked for initialization of ZCC. After the new policy was applied to the clients everything instantly worked. No issues anymore.
The only caveat seems to be that the users do not get their full bandwidth when ZCC is up&running. At least ip.zscaler.com’s connection quality test results are always reporting around 80/40 Mbit down/up inspite of the users are claiming they have a 1000 mbit connection. One of the users has an 250 mbit connection and get the same results. And yes, they are using different ZENs. And yes, there are obvioulsy no “UDP”-specific configuration switches on the home-routers.
Maybe thats a Vodafone Germany specific issue but in case you also happen to have support your homeoffice-users with their private internet infrastructure this is possibly something to keep in mind.