Issue
The Zscaler Client Connector encounters a connection failure when used in conjunction with the Cato SDP Client, displaying an error message stating "No network interface can be detected."
Environment
- Cato SDP Client connected to the Cato Cloud.
- Zscaler Client Connector App version 4.1.
Reason
The connection failure is attributed to a compatibility issue between the Cato SDP client and Zscaler Client Connector App version 4.1.
When the Cato SDP client is connected, it assigns a 169.254.x.x IP address (defaulting to 169.254.254.1) as the default gateway address to route traffic via the tunnel. However, when the Zscaler Client Connector 4.1 and above detects the use of a link-local IP address as the next hop, it blocks the Zscaler connection.
From zScaler Client logs, the error looks like this:
2023-08-14 16:54:44.117118(+0530)[11896:11880] ERR Default Interface Gateway is: 169.254.254.1
This issue will persist even if the Zscaler Cloud public IP is bypassed from the Cato tunnel (split tunnel).
Solution
The issue has been resolved in Zscaler version 4.2 or later.
6 comments
Zscaler version above 4.2 has resolved this issue as well.
Thanks Scott.
We have experienced cases when using v4.2 of Zscaler does not solve this problem. The reason has not yet been identified.
Both (ZScaler and Cato) need to have split tunnel rules in order to work without any problems right ?
Erick, I have split tunnel in CATO and in ZScaler I have a bypass in my PAC file for the ip referenced above.
I haven't tried other configurations, but this works for me, zero issues.
Support may give a better answer, but thought I would give my experience if it helps.
Hi Jon Derrenbacker , thanks for your reply. Can you share with me those configuration so I can do on my side as well please ? Thanks
Please sign in to leave a comment.