I have a client that has a PA440 and they also have Zscaler clients running on their workstations. I’m not real familiar with the inner workings of Zscaler. When the client is inside the network they are able to gain access to Global Protect. FYI their external IP is a Zscaler IP and I’m thinking that’s why they can access Global Protect. Is there any way around to keep them from connecting while inside the network?
Zscaler acts like a proxy, it often overlaps and directly impacts VPN clients. This is not a compatible configuration unless you understand the specifics of each configuration and make sure there is zero overlap
They would have to likely exclude/bypass zscaler while on corp, not familiar with zscaler but think this might help: http://help.zscaler.com/zpa/configuring-bypass-settings
also configure IHD/internal gw on the GP side
I’m trying really hard to understand why would they be running zscaler clients inside the network lol
Zscaler has vpn bypass in the profile for the adaptor pan uses. As long as this is setup right on Zscaler side should be no issue.