Zscaler App 1.1 for Windows and Mac OS X: Release Notes

Web Security Enhancements

  • The Zscaler App MSI file now provides the following options:
    • You can require users to log in to the Zscaler App before they can access the Internet from their computers.
    • You can allow users to bypass the initial Zscaler login screen if your organization uses SAML based identity federation to authenticate to the Zscaler service.
    • You can install a network adapter signature certificate with the option INSTALLDRIVERCERT=1. When you use this option, you will not have to push certificates and the users will not be prompted to accept certificates themselves. (See How do I deploy the MSI Installer Package to install the Zscaler App?)
  • When you configure Forwarding Profiles from the Zscaler App portal, you can now specify how the Zscaler App forwards traffic based on the network to which the user is connected.
    • Following are the network types:
      • On Trusted Network: The device is connected to a network that the Zscaler App has identified as a trusted network.
      • On Trusted VPN Network: The device is connected to a trusted network through a third party VPN client.
      • Off Trusted Network: The device is not connected to a trusted network.
    • You can define any of the following traffic forwarding modes:
      • Tunnel Mode: Zscaler App establishes an HTTP Connect mode tunnel with a Zscaler Enforcement Node (ZEN). This mode forwards all port 80/443 traffic to the Zscaler service from a device.
      • Tunnel with Local Proxy Mode: Zscaler App sets up an HTTP Connect tunnel with a ZEN for all port 80/44 traffic that follows ‘System proxy’ configuration. Please ensure that the PAC file used with this mode is configured with a loopback IP socket ( or 127.0.01:9001 must be added in PAC file as gateway).
      • PAC Enforcement Mode: Zscaler App uses a PAC file without setting up an HTTP tunnel. Users may need to authenticate again with Zscaler service in this deployment mode.
      • None: Traffic forwarding to the ZEN is turned off.
        (See How do I configure forwarding profiles for the Zscaler App?)
  • From the Zscaler App portal, you can now specify multiple support admins to receive a copy of request emails and tickets when your users report an issue with the Zscaler App. (See How do I configure in-app support settings for the Zscaler App?)
  • Users can refresh their Web Security policies and PAC file anytime by clicking Update Policy in the Troubleshoot menu in the More tab of the Zscaler App. (See Troubleshooting Zscaler App: Windows and Troubleshooting Zscaler App: Mac OS X.)
  • Zscaler App has been verified to interoperate with an F5 VPN client in split tunnel as well as full tunnel mode.

Zscaler Private Access Enhancements

  • Zscaler App now supports UDP traffic for Zscaler Private Access (ZPA). UDP support provides coverage for real-time, connectionless application traffic, such as VoIP.
  • In the Zscaler App portal,  you can configure a Forwarding Profile for ZPA that specifies whether the Zscaler App enables or disables ZPA when it determines that the user is connected to a trusted network directly or through a VPN, and when the user is connected to an untrusted network.
  • Zscaler App now supports wildcard search domains to resolve all domains associated with phrase and wildcard characters.
  • Zscaler App supports SRV records for DNS resolution to support clients that perform an SRV query. This can be used, for example, with Kerberos authentication.

Known Issues

  • Some users may encounter the 'Blue Screen of Death (BSOD)' on their Windows computer when they run Zscaler App in Tunnel mode with certain versions of a third party anti-virus client. This can be resolved by using either the Tunnel with Local Proxy or PAC Enforcement Forwarding profile of the Zscaler App.
  • Some users may encounter VoIP applications that may work erroneously. This can be resolved by using either the Tunnel with Local Proxy or PAC Enforcement Forwarding profile of the Zscaler App.