The Cisco Umbrella roaming security module (AnyConnect or Cisco Secure Client) works with most software, but there are instances when extra action is required to have both types of software work as expected.
ZScaler Private Access is a VPN replacement for enterprise. This software has historically conflicted with Cisco Umbrella and ZScaler has not been able to collaborate to produce a compatibility solution.
As of January 2022, a solution has been found in the field.
- The issue
- Zscaler makes use of ZPA which acts as a DNS proxy, which conflicts with our own DNS encryption proxy software. DNS may fail to resolve including local DNS or may resolve to completely different IPs such as 100.x.x.x ZScaler IPs.
- The solution
- NEW: Cisco has discovered a workaround for ZPA incompatibility based on the prerequisites of ZPA. Add “prod.zpath.net” and “private.zscaler.com” to your internal domains list in Umbrella.