Once the new configuration is running, follow the steps below to verify functionality.

1. Generate Internet traffic from a host on the LAN to a URL that has been blocked by Zscaler.

2. Verify the Zscaler IPSec Tunnel status in the web UI of the Appliance under Monitor, and then Statistics, and then IPSec Tunnel.

3. Verify the flow of the generated traffic through the Appliance via Monitor, and then Flows. Once you have identified the flow, confirm the Service Type as INTERNET.

4. Verify Zscaler is blocking the traffic.

In the event the IPSec Tunnel between the Appliance and the Zscaler ZEN goes down, the 0.0.0.0/0 route through the tunnel will become unreachable and pulled from the Oracle's routing table. Traffic will hit the next available, reachable 0.0.0.0/0 route out to the Internet. Route reachability can be verified in the Appliance's web UI under Monitor > Statistics > Routes.