Zscaler certificate error running VPN client through WSS

Article ID: 218354


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The WSS agent is connected and sending web traffic into WSS.

The Zscaler app is running on the WSS agent host.

When connecting the Zscaler VPN client, connectivity fails and an SSL 'untrusted root' certificate error is reported.

A suggestion from another Zscaler KB article was applied but failed to address the issue.

Disabling the WSS agent and connecting to Zscaler directly works fine.

Environment

Windows 10

WSS agent

Zscaler VPN client

Cause

SSL connectivity issue communicating with Zscaler through WSS

Resolution

Added the following Zscaler connector IP addresses to the WSS bypass list.

The 'copy IPs' option is useful to export all IP addresses to a file, which can then be imported into WSS.
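An added example, not part of the original article and not Symantec or Zscaler tooling: a Python check to run over the exported IP file before importing it into the WSS bypass list, since every entry exempts the traffic it covers from WSS. The sample addresses are constructed documentation ranges, and the function name, prefix thresholds and CIDR output format are assumptions to adapt to what your WSS portal accepts.

```python
import ipaddress
import re

# Constructed sample of an exported IP list. These are documentation ranges
# (RFC 5737 / RFC 3849), not real Zscaler addresses.
SAMPLE_EXPORT = """
198.51.100.0/25, 198.51.100.128/25
203.0.113.10
203.0.113.10
2001:db8::1
192.0.2.7/24
0.0.0.0/0
not-an-ip
"""

# Assumption: prefixes shorter than these are held back for manual review,
# because a bypass entry exempts everything it covers from WSS.
MIN_PREFIX = {4: 16, 6: 32}


def prepare_bypass_list(text, min_prefix=MIN_PREFIX):
    """Return (entries, rejected) for a free-form exported IP list.

    entries  -- de-duplicated, collapsed CIDR strings (IPv4 first, then IPv6)
    rejected -- (token, reason) pairs that need a human to look at them
    """
    by_version = {4: [], 6: []}
    rejected = []
    for token in re.split(r"[\s,;]+", text.strip()):
        if not token:
            continue
        try:
            # strict=True refuses entries such as 192.0.2.7/24 (host bits set),
            # which usually indicate a typo in the address or the mask.
            net = ipaddress.ip_network(token, strict=True)
        except ValueError:
            rejected.append((token, "not a valid address or network"))
            continue
        if net.prefixlen < min_prefix[net.version]:
            rejected.append((token, "prefix too broad for a bypass entry"))
            continue
        by_version[net.version].append(net)
    entries = []
    for version in (4, 6):
        # collapse_addresses merges duplicates and adjacent networks.
        entries += [str(n) for n in ipaddress.collapse_addresses(by_version[version])]
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = prepare_bypass_list(SAMPLE_EXPORT)
    print("\n".join(entries))
    for token, reason in rejected:
        print(f"REVIEW {token}: {reason}")
```

Import only the accepted entries, and resolve each rejected token against the source list by hand rather than widening the bypass to make it fit.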

 

According to Zscaler:

"Zscaler strongly recommends that connectors and the Zscaler Client Connector have unrestricted outbound access to the Internet on port 443, to ensure access to all Zscaler brokers as our infrastructure evolves and expands. However, if this best practice is not feasible in your environment and outbound Internet access restrictions must be applied with specific exemptions, the following connectivity must be permitted."