How to exclude Zscaler (or only selectively include certain applications) in SFC Protect?

I’ve found that Zscaler tunnels connect while SFC Protect is enabled but no traffic passes.
I’d like to exclude ZScaler but in reality I’d actually prefer to only include certain applications for SFC Protect.
I can’t seem to find any way to control SFC Protect this way, can anyone help?
Thanks a lot.

Hi Jonny,

This has been added to the latest beta fw:

I suggest you do the upgrade and try it out.

Thanks for your reply but I’m on that firmware already and it only allows me to point Zscaler traffic to a specific SFC Protect location not exclude the traffic from SFC Protect altogether.

Ok I see, you want SaaS in outbound rules as a priority over SFC routing.

How do you configure this? From the app?

I’m currently exploring the options via the web gui rather than the app, I can’t see an option in the web gui at this time.

What you are looking for could be feasible from the InControl2 webpage, not the device WebGui as it does not have SaaS capabilities. https://incontrol2.peplink.com/

1 Like

Thank you! What you posted back in August 2023 just helped me get Zscaler ZPA traffic flowing.

The key here is that this cannot be configured on an individual router but rather must be configured as a group policy that applies to all routers in the group. (Hint: That group can be created with only one router in it).

I think I found my answer by reading this post more carefully. Venn’s answer to that post in August 2023 is what I believe I was looking for.