WVD and Zscaler App

Iron Contributor

Has anyone had an issue running Zscaler with WVD?   Or has anyone been succesful?   At the moment, Zscaler is totally killing our WVD pilot.   We run the app version of Zscaler that runs on the client and it seems to be unhappy with some of the WVD components and how they talk to Azure.   

 

We are working with Zscaler support, but so far no luck.   So I'm wondering if anyone else has experienced issues with Zscaler and WVD.

8 Replies
We're in the same boat. It doesn't appear ZApp supports the multi-session Windows 10 OS utilzed by WVD. Support tells me it's on the roadmap but currently unsupported. We've tried using PAC files but continue to get mixed results. Sites which should be blocked sometimes work, authentication fail, etc. Have you made any progress?

@ChristopherB2175 

Have you been able to get Zscaler to work on WVD? What has been your experience?

I read in some posts that WVD does not support proxy configurations, so am also wondering if this breaks any MS support on the vdi's running Zscaler.

@Animesh Bhattacharya We had to take a different approach to ZScaler/Azure.  We are also a SilverPeak (SD-WAN) client so what we did was setup an SD-WAN virtual appliance in Azure which handles the GRE tunnels to ZScaler, then with routing tables change the WVD subnet to use this device as it's Default GW.  

 

We're 3 months in with the design and no notable issues.  

@ChristopherB2175 .We have similar issue with sporadic disconnects from active VDIs. We do have Zscaler on the network. Have you had further disconnects after you installed SD-WAN virtual appliance to handle GRE traffic?

@kip 

Hello Kip, I know this is quite an old post now, but we have the exact same setup and we have been using WVD with Zscaler for about a year. And its been a year of very frustrating random disconnections. Its driving us mad. We are going to attempt to remove Zscaler out of the equation and we think this will solve our random disconnects. Just wanted to see if that is what you ended up doing too by removing Zscaler from the setup? Or did you manage to ever get it working with Zscaler in the end?

Kind regards

Allan

@allankchambers The short version is that you'll need to bypass the WVD URL's and IP's from Zscaler and then it works fine, no disconnects.  Microsoft strongly recommend not proxying this traffic

@neilpikelgim Do you monitor the Azure JSON files for IP address changes on an ongoing basis to keep your exception list current?
We don't yet, just setting it all up, but we will need to do that