Zen and ZScaler

Hi everyone,

Haven’t used a forum in years, but this one appears on Google quite a bit and I’m hoping there’s someone here that can stop me pulling my hair out.

I recently switched to Zen on CityFibre (like two weeks ago), having previously been with Yayzi. Connection has been rock solid, barely even a blip on the BQM. Generally loving it…

HOWEVER… it doesn’t seem to playing nice with my work VPN, which uses ZScaler. The issue boils down to essential silent drops of the internet security connection, bouncing me between two data centres at a mix of 15/30/60 minute intervals (sometimes it holds out longer, it’s not consistent other than when it does drop, it’s a multiple of 15 almost to the second). The drops are subtle as it’s designed to be seemless, no toast notifications, just a new “time connected”, and it freezes/kicks me out of RDP connections… which is the hugely annoying issue. Tried the standard troubleshooting steps, wired, WiFi, repairing/resetting zscaler etc.

ZScaler tunnel 2.0 uses UDP, so I suspected maybe it was something specific to this. However no other UDP traffic has hiccups AT ALL. Gaming is rock solid, I have no packet loss, nothing. I’ve checked with Zen to see if they have anything in place that may interfere, they’ve said theres nothing, they don’t terminate UDP sessions or do any shenanigans with port 443. As far as they’re concerned, there’s nothing on their side interfering.

The problem however is that even using a pretty rubbish 4G hotspot with pings > 60-70ms vs my 12ms Zen connection does not have this issue. I didn’t have this issue on Yayzi through CF either. My employers IT dept are also keen to blame Zen, however I literally have no idea what I can do to get Zen to investigate this issue. Has anyone else ever dealt with anything similar? Or can anyone just confirm that they’re on Zen and ZScaler works for them? I’ve just recently updated my IPs geolocation on maxmind which ZScaler uses in the hope that maybe they’ll bounce me to the Manchester data centres instead of London, as a last gasp attempt to eliminate an issue with specific DCs.

I’m also not sure if this issue would be considered severe enough to allow me to exit my 18 month contract if they don’t fix it within 30 days? It’s literally only impacting one thing, however as a remote worker it is also the most important at the same time… but it’s not a business line, so I don’t know my rights. I’m having to order a 5G hub at an additional expense in the hope I can continue to work. Any potential advice would be GREATLY appreciated.

@SeanSAFC89

I'll be the first to admit that I don't know much about how these things work, so I don't know if it is relevant, but you don't say if you are using the same router with Zen that you were with Yayzi?

If not, which router were you using before and are you using the Zen supplied Fritz!Box now?

.

Ah apologies, in my ramblings I missed out a few important details!

When I switched over from Yayzi I was pretty lazy and used the Yayzi TP-Link EX820v router for a few days (I was planning a full network tidy up, honest!). The drops were occurring on this router so I initially thought okay, maybe it being the old Yayzi one was causing some issues, so I swapped to the Eero Max 7 that I got through Zen, but sadly no improvement on the new router either.

My work's PC is also on ZScaler (but always on and I've no access to local n/w from it) - seen no issues - but I'm on an Zen using Open Reach fibre with everything is IP V4 and ethernet not wifi

I would log a support call with Zen - be clear up front with the ports and protocols and endpoints ZScaler uses (admittedly ZScaler uses a lot), and be direct with them.

Assuming you've ruled out any other things internally which may have changed, the other issue is of course that it is at the ZScaler end of things.

ZScaler is quite popular so would be surprising if Zen do have an issue with it.

Your work should probably move to something better than ZScaler but we'll leave that one for another day

In reply to a post by SeanSAFC89:

Ah apologies, in my ramblings I missed out a few important details!

When I switched over from Yayzi I was pretty lazy and used the Yayzi TP-Link EX820v router for a few days (I was planning a full network tidy up, honest!). The drops were occurring on this router so I initially thought okay, maybe it being the old Yayzi one was causing some issues, so I swapped to the Eero Max 7 that I got through Zen, but sadly no improvement on the new router either.

So, anecdotal. But I'm also on Zen over Cityfibre. My laptop uses ZScaler and has no problems. I couldn't tell you if it's 2.0 or not. I don't really look too much into what is on the work laptop. But I've not seen any problems like that.

If you didn't say it happened on multiple routers I'd have pointed to that though. Since really it seems like a NAT issue. Zen should be passing IP to you directly which usually would make these kind of issues a local equipment issue.

I guess one thing it could be is MTU. As in either the router isn't using the jumbo frames (to maintain 1500 MTU) or the router isn't correctly making the true MTU known on the local network. That would cause a problem whenever larger packets were used. I've seen it before on different VPNs. Why that would occur at specific times, I don't know.