Verification

Once the new configuration is running, follow the steps below to verify functionality.

1. Generate Internet traffic from a host on the LAN to a URL that has been blocked by Zscaler.

2. Verify the Zscaler IPSec Tunnel status in the web UI of the Appliance under Monitor, and then Statistics, and then IPSec Tunnel.

INSERT ALT TEXT

3. Verify the flow of the generated traffic through the Appliance via Monitor, and then Flows. Once you have identified the flow, confirm the Service Type as INTERNET.

INSERT ALT TEXT

4. Verify Zscaler is blocking the traffic.

INSERT ALT TEXT

In the event the IPSec Tunnel between the Appliance and the Zscaler ZEN goes down, the 0.0.0.0/0 route through the tunnel will become unreachable and pulled from the Oracle's routing table. Traffic will hit the next available, reachable 0.0.0.0/0 route out to the Internet. Route reachability can be verified in the Appliance's web UI under Monitor > Statistics > Routes.

Note:

R7.0 GA only supports a single VRF/routing domain for Zscaler.