The Bypass Proxy functionality on the CSC acts as a Layer 7 firewall and blocks everything by default. If you want domain or subdomain to by bypassed, you need to enable it.
The easiest way is to configure the bypass functionality is creating a PAC file on your Zscaler console, (as shown below) and to configure the PAC URL on the CSC. You can configure the Bypass PAC URL during initial wizard or later on via console.
When you have this configured on the CSC, add "Section 3: bypassproxy via Cloud Security Connectors" to your PAC file for PC.
| Bypass PAC example |
function FindProxyForURL(url, host) { var bypassproxy = "PROXY 1.1.1.1:3128; PROXY 2.2.2.2:3128"; // ========================================================= // Section 3: bypassproxy via Cloud Security Connectors // bypassproxy via CSC Public IPs (Examples) // Okta Domains (for Location Rules) if ((shExpMatch(host, "*.okta.com")) || (shExpMatch(host, "*.oktacdn.com")) || (shExpMatch(host, "*.okta-emea.com")) || (shExpMatch(host, "login.mydomain.com")) || // O365 Domains for ConditionalAccess (shExpMatch(host, "login.microsoftonline.com")) || (shExpMatch(host, "login.microsoft.com")) || (shExpMatch(host, "login.windows.net")) || // IP / Port test page (shExpMatch(host, "portquiz.net"))) { return bypassproxy } // ============================================================ return bypassproxy } |