Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
You could use routing with metrics to accomplish that. You could, for instance, use BGP with local preferences to have routes over both fabrics with the preferred method having the higher local.
We are using Zscaler as well. We route to primary and backup GRE tunnels, then use a bypass filter for our services that need to bypass Zscaler and come from a static source address. So the basic statement on the vEdges is:ip gre-route 0.0.0.0/0 vpn ...
