ZScaler ZPA issues using NSLOOKUP with work laptop
-
I'm a bit new to the pfSense firewall. I currently just use it for ad blocking with pfBlockerNG and web filtering with Cloudflare.
Recently my work started migrating to the Zscaler ZPA VPN. So far so good, except when I went to use NSLOOKUP today. It resulted in the following screenshot:

I did a little research and found an article suggesting I disable DNSSEC and DNS Forwarding. I tried both, but neither solution worked.
Has anyone else run into this issue, and if so, how did you resolve it?
Thanks,
Carlos
-
So this is when your laptop is connected to the VPN? It connects directly?
Does nslookup fail for all queries?
I imagine the local VPN client could be routing all queries over the VPN so it never reaches pfSense.
-
@stephenw10 Correct, this is when I'm connected to the ZPA client. I assume it connects directly.
nslookup fails for all queries.
If I connect to work using the Cisco VPN client, I have no issues.
I have both the Cisco VPN and Zscaler ZPA clients. I was using the Cisco VPN without issues; we are slowly migrating to ZPA. When I use the Cisco VPN client, I have no issues using PING or NSLOOKUP for work purposes. But I do have issues with the ZPA client.
Thanks for the reply.
-
Then it seems likely the Zscaler client should replace the local DNS servers with some it can access over the VPN. It's not, so your laptop is still trying to access pfSense for DNS and failing.
Check the routing table on the laptop when the VPN is connected to confirm.
-
@stephenw10 Thank you! I'll check this and talk to the Zscaler team at work.