Recently deployed the zscaler client onto my LAB windows 10 VM running on the VMWare ESXi platform.
I wanted to play around and test features like URL blocking, SSL decryption, and so on.
As a test, I decided to block the news and media category, would generally block CNN, BBC, and the NYT, and so on.
I made the policies, the app profile config, and ran the tests, while most sites in the category were blocked and decrypted by ZS, CNN would never get blocked nor would it be decrypted.
This made no sense as BBC and NYT were perfectly responding to the policies.
My first thoughts were that CNN is probably only using ipv6 and so then I enabled prioritizing ipv4 in the app profile, however, it still would not have any effect. And by now I saw that ndtv, an Indian news website was also not responding to the policies.
Finally, I opened a TAC case, once the engineer evaluated the config and everything looked correct, we decided to disable the ipv6 on the VM network adapter from RUN > ncpa.cpl on the windows 10 VM machine, and then immediately CNN and ndtv too behaved as required with SSL decryption working and the URLs blocked.