u/bygrob

I feel you… we, the good ones always inherit the bad. But we are better for it, we chew it up, make it better, and most importantly we have Reddit to back each other up! Good wrk my friend, I am sure you will make it awesome!

I have been glued to this subject for almost 2 hours. I can't believe some of the horror stories. I know I have definetly had my share of upgrade issues, especially with VCSA, with storage, and mid-way crashes, but it was always solvable. And this round from 8 to 0 just went with…

Traditional model is too trusting, too connected, vast reachability. Firewalls, VPNs, all result in broard network trust--years of layered configurations which grows around the business. Firewalls have IP Addressesss, and if it is reachable, it's breachable. Rules, routes, subnet…

The role pivot from ZTNA. :-)

You rock!

Yikes, war zone. lol. This post is gold! I have been wondering about this, and now I know! Awesome!

Another super important reply! 100%!

I second this to my exact expierence! On point! I will say, I find that a lot of folks will go to youtube, find the first step-by-step, and end up in a bad place. Welshsurprise321 has you on the right path. Good luck.

Good point.

I second this.

You may already know this, but gonna say it anyway, not trying to be a smarty pants or possibly a broken record... VLANs as a primary security setup is a risky misconceptions. VLANs are for traffic manament/broady iso, not cyber sec. Understandably, not everyone can get the best …

Can you ping from the SonicWALL directly?

haha, I guess I just jumped in and didn't notice others asking the same question. :-)

For your own personal setup at home or office or for a business?

Sensing this is a home setup?

Ohhh man, what am I missing? Everyone really having major issues? I just finished upgrading while migrating off few dozen Synergy Frames back another platform and all went well. Man, did I get lucky or something.... yikes. Now I am having doubts and may need to go investigate if …

Wow, I know a few people who really need to read your post. Thank you so much!

Haha. Well said, and understood. Podcast? Very interested.

I just heard Broadcom is now brining it VVF back for good. True? The word I heard, when so many complained, they finally listened. Not sure if true or not, but wow, always like they are BI-POLAR over there. lol. No offense.

DM me city

Let us know if you notice that bypassing is not working, and I can share how I bypass webex, etc.

True, and exactly what I like to do--quick and easy. As you already know there are several ways to go directly or bypass, I always do tracert first, and as usual when it goes out ZIA, the the first hop times out, and the second shows ZIA's IP. And once you decide which way to byp…

One way I like to test and make sure it is bypassing is to do a trace route, if you see your gateway, you know fr sure it’s Direct, but if you see zscaler IP, it’s going Through ZiA. Just my two cents.

I have been 3 year leasing Volvo XC90’s for almost 12 years now… on my second B6 ULT. And I kid you not, a month or two before maturity, almost falls apart! lol. I faithfully take it in the same week it’s due. And always return under miles, 12k per year so just under 30k miles,…

I was excited about the option to disable auto-off but having to enable it every time I start car sucks royal buttocks! And my stereo had no sound twice today forcing me to do something I found online by holding the button. That sucks even more!!! As it just did it again! Agh!

I get it, and I know many use it. My circle is fairly large, and horror stories are next to insane. I know probability proves there are more good deployments, then there are bad. And many of the bad are fundamental mistakes, and many are not. I also can't really judge, I consult …

Yup! They keep playing strange games. They will even say it’s retired, and it’s not. And VARs like CDW will piggyback on Broadcom. I have a close friend in the small/medium arena, and getting quotes for VVF from other OG VARs, with game experience, and how to deregister, and nego…

100% on every response from Pale\_Engineering4966. I am the principal of a global enterprise environment, and compliance regulations, industry in mission critical manufacturing, and having the right posture and security BP’s, you too can harden the setup… full proof! It’s not c…

Yikes had no idea they live that long! No rabbits in my house! lol.

There is also guy on YouTube, OG zscaler dude, look him up, Mark Ryan Welshgeek1. He has a few good vids, some may be outdated, but it can lead you places. :).

https://help.zscaler.com/zpa/authentication/machine-authentication

Will they ever go Bluetooth for android/carplay!?!? Even cheapo cars are cordless.

Not at all a waste of time. Worth the time and money. First pass it, don’t be surprised if you fail it, and do not worry, you will pass. And it will place you on the right mindset for the next realm.

The Aruba stack is vsf, vsx and is it a lag or mc lag, these are just question to get more contexts but sounds like a native vlan mismatch.

They are digging their own grave, leave it, not worth it.

I second this perfect response!

I second this. :).

I would actively look for new opportunities.

Brother! Great response! On point!

Is your SSL policy similar to mine? If not, maybe worth to try. 😄 Untrusted Server CertificatesBlock OCSP Revocation CheckEnabled Block No Server Name Indication (SNI)Disabled Block Undecryptable TrafficEnabled Minimum Client TLS VersionTLS 1.2 Minimum Server TLS Vers…

I know the following isn’t helpful, I can’t duplicate this, and I have tried everything. When you say you enter your creds, are you talking about your logon to your google account? If not, what creds? I will keep playing with it, maybe I will be able to help. :)

Have you solved? Also, are those the true IPs (10.20.30.x) used or an example?

So many things you can do, but depends on failure. VEEAM trial is where I would start… as already mentioned here.

Linux performance is bad on HyperV. IMO.

Which VOiP system?

You need a border gateway for voip. You can try to bypass, but that doesn’t always work. Then there is the legacy network appliance for RT.

Vasion.com

Depends if you have a company device, if so, MDM will give them visibility, not really zscaler.

1Password.

Yup. Just wait its reputation and all will be golden.

Thank you! You Rock!

[https://dist.private.zscaler.com/vms/VMware/2025.03/zpa-connector-el9-2025.03.ova](https://dist.private.zscaler.com/vms/VMware/2025.03/zpa-connector-el9-2025.03.ova)

I use PBR's to direct traffic like backup (VEEAM), not to traverse the ZTB, and to remain on the L2 links dedicated for VEEAM/ZERTO/StoreOnce network.

Are you going into production with this setup? If your access switch's edge ports are 1Gb, traffic from your VMware environment will be drastically limited—Speed Mismatch. The oversubscription will create a massive bottleneck that will affect many areas of your environment. You m…

[https://Temporary-IP:5480/configurev2/#/](https://Temporary-IP:5480/configurev2/#/)

Branch Connector my friend. You can do a lot. You can build new networks behind BC, do things like authenticated locations, and sub locations. And like mentioned above, arm mode, and gateway mode. Arm mode is commonly used for deploying without outage, whereas gateway mode, you…

Man, just do it! Never about the size, don’t believe the myth! To discover where you fall, you need to dive in. Maybe you’re a two pump chump or maybe a 30, 60 minute champion! Either way, it doesn’t matter! If you have the natural motion, and etiquettes, you will please her\him …

Nothing compared to Haven Club with their 7,000 sq ft suites. On a ship! Crazy.

Not even my Crocodile Dundee knife?

SonicWALL's are not meant for everyone. If you still need help, I can help you set anything up quickly. Don't let the haters get to you. Once you get the wireless tuned, it will run until the day you refresh the solution. I have deployed thousands of 100% SonicWALL environmen…