Zscaler tunnel may fail after an Edge service restart or reboot
Article ID: 333908
Updated On:
Products
VMware
VMware SD-WAN by VeloCloud
Issue/Introduction
Symptoms:
After an event that may cause a service restart or a reboot (such as an upgrade or configuration change) a Zscaler tunnel configured with FQDN may go down.
DNS queries are successful
DNS cache contains no entries for the zscaler service
After an event that may cause a service restart or a reboot (such as an upgrade or configuration change) a Zscaler tunnel configured with FQDN may go down.
DNS queries are successful
DNS cache contains no entries for the zscaler service
Environment
VMware SD-WAN by VeloCloud
VMware SD-WAN
VMware SD-WAN
Cause
Issue is caused by Defect ID: 60073
Resolution
Defect ID: 60073 is fixed by upgrading the SD-WAN Edge to any of the following releases:
4.2.2 release R422-20210923-GA or later
4.3.1 release R431-20211208-GA or later
4.5.0 release R450-20210922-GA or later
Workaround:
To recover the tunnel perform a ping to the zscaler peer FDQN (examples: chi1-2-vpn.zscaler.net or dfw1-2-vpn.zscaler.net ). This will create a DNS entry and restore the tunnel.
4.2.2 release R422-20210923-GA or later
4.3.1 release R431-20211208-GA or later
4.5.0 release R450-20210922-GA or later
For information on how to upgrade please check the following article: VMware SD-WAN Software Upgrade FAQs
Workaround:
To recover the tunnel perform a ping to the zscaler peer FDQN (examples: chi1-2-vpn.zscaler.net or dfw1-2-vpn.zscaler.net ). This will create a DNS entry and restore the tunnel.
- Click on Diagnostics
- Under "Remote Diagnostics", select the affected edge
- Scroll down to Ping Test
- Select the appropriate segment and interface
- Enter the FQDN in the Destination field
- Click "Run"
Feedback
Yes
No
Powered by
