
Isolating ConfigMgr clients connecting to site through ZScaler ZPA and create separate boundary

I am looking to see if anyone has figured out a trick to isolate ConfigMgr clients which are connecting to the ConfigMgr site via a ZPA tunnel. Cannot use IP address, as it uses the client's current IP (home subnet, coffee shop, etc.). All machines connected to the local network and connecting via ZPA show as intranet and in the same AD site (due to the internal ZScaler connector routing the traffic internally). ZScaler support has not been much help, so I am reaching out to see if anyone out here has found the magic ingredient to make this work.

Labels: CM current branch

1 Reply

Have you seen this thread? https://docs.microsoft.com/en-us/answers/questions/428660/zscaler-private-access-and-sccm.html