Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Softphone via ZTNA

Softphone via ZTNA

Softphone via ZTNA

Has anyone implemented ZTNA for use with Avaya softphone?

RE: Softphone via ZTNA


You can use AADS with an IdP so some other authentication service can 2 factor authenticate the phone if that's what you mean.

RE: Softphone via ZTNA

ZTNA is a Zscaler vpn type client. Our teams are looking to replace our current VPN client which is F5. There's functionality differences it seems with this new one where this ZTNA client works one way. Our network team is saying if the client is the destination of the traffic it won't be able to accept it since the ZTNA clients work one way. In our case, the company laptop connects and builds the tunnel and then the Avaya softphone client then registers to CM. I interpret from them is if the softphone client calls another it won't work and they are looking for workarounds.

RE: Softphone via ZTNA

hopefully a more articulated explanation is:
ZTNA "VPN" client connects to the ZTNA cloud which has a connection to our data centers using Zscaler App Connector.
These ZTNA clients do not register their name/IP with our internal DNS which means that they cannot be reached by other sources such as users' machines or servers. With this limitation, is there any way softphones could make phone calls to other clients if the receiving end machine cannot be resolved via name.
Also, they get an IP address assigned by Zscaler that does not fall within our RFC1918.

RE: Softphone via ZTNA

My google found Zero Trust Network Access :p

Yeah, that doesn't sound nice. The phone side has an IP that CM or SM send packets to. That's how they get told they're being called.

Don't think that'll work. If you go SIP Remote Worker/SBC, then the SIP traffic would go through the SBC and not the ZScaler gateway.

But even their own documentation says they don't support voip protocols:

Protocols that are not supported (like SIP, H.323, H.248, VOIP, and TFTP) should be bypassed from Zscaler by changing the configuration on the firewall or router when configuring your GRE or IPSec tunnel.


Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close