I am looking to use Zscaler for our clients to secure internet traffic the same whether they are sat in the office or at home.
Initially I thought I could just install the client on the endpoints and not have to worry about a GRE tunnel; however, when on VPN, Zscaler stops access to internal resources as it tries to send the connections via Zscaler, which has no access.
So the next stop is configuring a GRE tunnel for people in the office and on VPN, and setting the application to disable itself if it detects that users are on these networks.
Looking into setting up a GRE tunnel on the Sophos devices doesn't seem very straightforward. I have 2x subnets for clients that I want to forward to Zscaler, but I wanted to be able to decide what traffic is routed. I can't seem to see a way to do this, as policy-based routing doesn't seem to be enabled for GRE?
An example would be, we have some SQL servers in Azure that only allow access from our static outbound IP, so we would want to exclude these from the GRE tunnel.
Has anyone got a similar setup on a Sophos XG and could point me in the right direction please?