ZPA - No Default Route

Configure ZCC, App Connector, Private Service Edge to work in a No-Default-Route environment. Organisations may use a NDR environment for several reasons and legacy security models. They may also implement no internet DNS resolution. Using ZIA Global Proxy IP's and GRE tunnels, traffic can egress the network. WPAD for connectivity for enrolment of ZCC. App PAC to configure ZCC to connect to Global Proxy IP. Once ZCC is enrolled, Ztunnel2.0 is used for ZIA connections. Client identifies trusted network and connects to Private Service Edge. App Connector also connects to Private Service Edge. Applications in the DataCenter then flow between client, Private Service Edge, and App Connector - keeping the traffic local. ZIA is only in the mix for the internet communication, and for control connections. Demo also highlights an issue with SCIM (side effect), but also shows how an organisation with NDR and No Internet DNS, can then pass DNS to Zscaler to resolve the internet and route traffic to Zscaler using Ztunnel 2.0. In this case, Zscaler becomes a replacement for SOCKS proxies and enables adoption of cloud applications which are not proxy aware.