Sometimes, Zscaler service does not identify the user's traffic For example, the service does not authenticate user traffic to URLs or cloud apps you have selected to exempt from authentication. In another example, the service might not authenticate user traffic because it is encrypted and SSL inspection is not enabled.
Below are the different types of unauthenticated traffic are:
Unauthenticated User Agent: User traffic that cannot be authenticated because the user-agent cannot be authenticated by the configured authentication method.
Unsupported Method: User traffic that cannot be authenticated because of HTTP methods that are not normally supported, such as FIND or PROPBIND.
Unauthenticated Protocol: User traffic that cannot be authenticated by the configured authentication method (for example, un-decrypted HTTPS traffic).
Unauthenticated Proxy Port User: User traffic that is coming from port 9443. ZIA Public Service Edges (formerly Zscaler Enforcement Nodes or ZENs) accept web requests on ports 80, 443, 9400, and 9443. Any traffic generated from a known gateway location and destined to ZIA Public Service Edges with the proxy port of 9443 bypass authentication.
Miscellaneous Unauthenticated Transactions: User traffic that cannot be authenticated due to miscellaneous issues.
Authentication Bypass URL: User traffic to URLs or cloud apps you have selected under Authentication Bypass.
Unknown Kerberos User: User traffic that cannot be authenticated because it comes from an unknown Kerberos user.