SIG Zscaler issue

Mohamed baraka · ‎12-04-2023

Hello,

for SIG Zscaler routing configuration, there are both static and policy ways of forwarding traffic up the tunnels,

1- Is SIG configuration in the policy in anyway affect the LAN protocols ?

2- Is applying the SIG routing as a static and policy ways at the same time is causing any issues ?

SIG sequance in the policy:

===

!
    !
    sequence 9
     match
      destination-ip 0.0.0.0/0
     !
     action accept
      sig
     !
    !

SIG route:

===

ip sdwan route vrf 1 0.0.0.0/0 service sig

svemulap@cisco.com · ‎12-04-2023

Hi,

For your 1st question:
> 1- Is SIG configuration in the policy in anyway affect the LAN protocols ?
No. SIG Configuration in the policy affects to only what is in the policy.
SIG is applied to the data traffic. Not to the control traffic.

For your 2nd question:
>2- Is applying the SIG routing as a static and policy ways at the same time is causing any issues ?
Doing it via data-policy will take precedence. (aka via data policy)
So, whatever is configured for in data-policy, the redirect will happen accordingly.
In the example provided, seq 9 and static are doing the same thing.. which is matching the default route (0/0)
Typically you have a data-policy to match a specific traffic.

HTH