Ensure Business Continuity by Excluding a Data Center from Traffic Forwarding

Last year, Zscaler introduced the ability to temporarily exclude data centers experiencing connectivity issues from a subcloud. This is especially useful in situations when the customer needs to exclude a data center from receiving traffic from the Zscaler Client Connector. Earlier this year, we introduced the capability for customers to exclude a specific Zscaler data center from traffic forwarding using IPSec VPNs.

Once configured, the specific Zscaler data center:

1. Terminates all existing IPSec VPN tunnels from the specific tenant
2. Does not accept new IPSec tunnel requests from that tenant

This ensures that the IPSec tunnel endpoint at the customer premises fails over to the pre-configured secondary tunnel based on the configuration at the endpoint device.

Figure 1. DC exclusion for traffic forwarding method

The help documentation has more information on configuring the DC exclusion based on the traffic forwarding method.