hopefully a more articulated explanation is:
ZTNA "VPN" client connects to the ZTNA cloud which has a connection to our data centers using Zscaler App Connector.
These ZTNA clients do not register their name/IP with our internal DNS which means that they cannot be reached by other sources such as users' machines or servers. With this limitation, is there any way softphones could make phone calls to other clients if the receiving end machine cannot be resolved via name.
Also, they get an IP address assigned by Zscaler that does not fall within our RFC1918.