Zscaler via GL-MT3000 to Tailscale exit node

My entire home network (phones, laptops, TV, anything) is connected to my GL-MT3000 via Wi-Fi. The WAN port is connected to my internet router.
The GL-MT3000 is configured with Tailscale to use a remote exit node, which is hosted on an iMac.
This all works perfectly fine, performant, great.

Except when I connect a corporate Windows 11 laptop that is configured with Zscaler. It is unable to access anything online unless I connect it directly to my internet router rather than to the Wi-Fi of the GL-MT3000. A simple 'ping 8.8.8.8' results in nothing but timeouts, for instance.

Is this a totally unsupported configuration or am I forgetting some switch somewhere?

Hi,

Based on the current topology and configuration, the MT3000 has Tailscale enabled with an exit node that points to the iMac. Is Internet access normal for the other clients of the MT3000?

If yes, it might be that Zscaler on this laptop blocked this traffic.

All internet traffic of all other clients of the MT3000 is normal.

MT3000 is on internet uplink A.
iMac is on internet uplink B.

If I connect the Zscaler laptop's Wi-Fi directly to A, it works.
If I connect the Zscaler laptop's Wi-Fi directly to B, it works.
If I connect the Zscaler laptop's Wi-Fi to the MT3000, it does not work.