Omada ER605 blocking or causing poor performance of Zscaler
Hey hopefully you can help :)
I am experiencing issues with Zscaler on an Omada ER605 using the latest firmware. This is using Zscaler on a work laptop to connect outbound via the Omada router; Zscaler times out on the auth step. Works fine with an alternative router on the same connection. Could this be caused by the same issue experienced on the Deco series described here?
https://community.tp-link.com/en/home/forum/topic/634542
Hi @NZmatt
Thanks for posting in our business forum.
There are no special settings on the router to block a VPN connection from the LAN.
Unless you have a doc about its connection mechanism.
Have you enabled any settings in the firewall? That could block if you mistakenly enable something like IDS.
Thanks for your response. This is using all default settings on the Omada software controller. Where can I check the IDS setting please?
Hi @NZmatt
Thanks for posting in our business forum.
NZmatt wrote
Thanks for your response. This is using all default settings on the Omada software controller. Where can I check the IDS setting please?
If you are new to the system, it would be best for you to read the Omada Controller User Guide to resolve a question like this. This is a low-effort question and you can easily find it in the UG. You should at least get familiar with the system.
As of now, I think it has nothing to do with the config or IDS. If you need further investigation, please provide a document from the VPN vendor to illustrate their connection requirements.
And confirm again about your connection diagram: Client(PC) > ER605 > ISP(Internet) > VPN server. Correct?
A generic NAT should not block anything unless your VPN server did not respond to the auth request from the router side.
Thanks, yes, that is the correct topology. Apologies, this may be an issue of poor performance causing auth to time out rather than blocking. If I switch back to my old router, leaving every other component the same, the problem is instantly resolved. This problem is only introduced when the ER605 (using default configuration) is present. Zscaler is using a TLS connection, if that helps.
Hi @NZmatt
Thanks for posting in our business forum.
NZmatt wrote
Thanks, yes, that is the correct topology. Apologies, this may be an issue of poor performance causing auth to time out rather than blocking. If I switch back to my old router, leaving every other component the same, the problem is instantly resolved. This problem is only introduced when the ER605 (using default configuration) is present. Zscaler is using a TLS connection, if that helps.
I briefly looked it up on Google. I think it is not a VPN? Not really equal to a VPN.
What does the log say? Is anything detailed for me?
@Clive_A thanks very much for your help. I think you are right; unfortunately Zscaler is deployed by my workplace, not myself, so I only have limited understanding of the application. Please give me some time to collect more information and respond.
Hi @NZmatt
Thanks for posting in our business forum.
NZmatt wrote
@Clive_A thanks very much for your help. I think you are right; unfortunately Zscaler is deployed by my workplace, not myself, so I only have limited understanding of the application. Please give me some time to collect more information and respond.
Getting back to you since I have a new idea after I read the Deco guide about this matter.
Can you show me what your WAN looks like? It seems that Zscaler is NAT-sensitive.
Make sure your WAN is not a private IP address and try it again.