ZPA Service Edge Selection

1. Specifying the Trusted Network to connect with the Private Service Edge
2. Geo IP-based selection of PSE


Specifying the Trusted Network to connect with the Private Service Edge

When the ZPA component of Zscaler Client Connector is started, it establishes a client tunnel to a ZPA Public Service Edge. Zscaler Client Connector sends information about its local network, and the ZPA Public Service Edge determines whether the local network matches any of the defined trusted networks.

Based on this information, the initial ZPA Public Service Edge replies with a redirection message, in which it provides a prioritized list of more optimal Service Edges to connect to. If ZPA Private Service Edges are available, these appear first in the list. If any of those ZPA Private Service Edges match Zscaler Client Connector’s current trusted networks, those ZPA Private Service Edges are prioritized.

Geo IP-based selection of PSE

When trusted network criteria are not selected. ZPA treats your ZPA Private Service Edge location just like ZPA Public Service Edge locations. If a ZPA Public Service Edge is closer to the user, the redirect is to that ZPA Public Service Edge; if a ZPA Private Service Edge is closer, the redirect is to that ZPA Private Service Edge.