WebRTC | Zscaler

The best practice is to identify the IP ranges and ports used by your VoIP provider and configure Zscaler to bypass the tunnel for these destinations.

Zscaler WebRTC (Web Real-Time Communication) is a cloud-based security solution that enables secure and fast real-time communication over the web. It allows for peer-to-peer communication between browsers, mobile apps, and desktop applications, while ensuring that all data transmitted is encrypted and secure.

Zscaler does not inspect WebRTC media packets the same way it inspects a webpage. Because WebRTC media streams are end-to-end encrypted (E2EE) and use dynamically assigned ports, deep packet inspection is generally not feasible without breaking the connection.

When using Zscaler Internet Access (ZIA), the goal is to get WebRTC traffic to its destination with as little interference as possible.

If IP ranges change frequently (common with some SaaS platforms), you may choose to bypass specific UDP ports.
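The trade-off between the two bypass approaches above, as an added example (not Zscaler configuration or code from this page): a small model that decides bypass versus tunnel per flow and lists the flows that leave the tunnel only under a port-only rule. The provider ranges, the media port range and the flow records are constructed placeholders.

```python
import ipaddress

# Constructed placeholders: substitute the ranges your VoIP provider publishes.
PROVIDER_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
# UDP 3478 is the standard STUN/TURN port; the media range is an assumption.
MEDIA_UDP_PORTS = [(3478, 3478), (16384, 32767)]


def in_ports(port):
    return any(lo <= port <= hi for lo, hi in MEDIA_UDP_PORTS)


def in_provider(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_NETS)


def decide(flow, mode):
    """Return 'bypass' or 'tunnel' for a (proto, dst_ip, dst_port) flow.

    'ip+port':   bypass only UDP to provider ranges on media ports.
    'port-only': bypass any UDP on media ports (fallback when ranges churn).
    """
    proto, dst_ip, dst_port = flow
    if proto != "udp" or not in_ports(dst_port):
        return "tunnel"
    if mode == "port-only" or in_provider(dst_ip):
        return "bypass"
    return "tunnel"


def exposure(flows):
    """Flows that skip the tunnel only because of the port-only rule."""
    return [f for f in flows
            if decide(f, "port-only") == "bypass" and decide(f, "ip+port") == "tunnel"]


# Constructed flow records: (protocol, destination IP, destination port).
SAMPLE_FLOWS = [
    ("udp", "203.0.113.10", 3478),     # STUN to the provider
    ("udp", "198.51.100.77", 20000),   # media to the provider
    ("tcp", "203.0.113.10", 443),      # signalling over HTTPS stays tunneled
    ("udp", "192.0.2.55", 20000),      # unknown host on a media port
    ("udp", "198.51.100.200", 20000),  # just outside the provider /25
    ("udp", "203.0.113.10", 53),       # provider IP, non-media port
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, decide(f, "ip+port"), decide(f, "port-only"))
    print("bypassed only under port-only:", exposure(SAMPLE_FLOWS))
```

Running the same comparison over real flow logs shows how much traffic a port-only bypass would exempt from policy before the rule is deployed.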

The industry standard for high-quality WebRTC is to bypass the security proxy tunnel for specific UDP traffic while maintaining policy control. This is known as or Direct Internet Access.

As organizations adopt Zero Trust architectures, the intersection of network security and real-time communication protocols often creates friction. WebRTC is the technology powering modern voice, video, and data sharing within web browsers and applications. Zscaler is the world leader in cloud security, acting as a secure internet gateway.

In the Zscaler Client Connector (ZCC), use Tunnel 2.0 with DTLS (Datagram Transport Layer Security). DTLS is much better suited for WebRTC than standard TLS because it handles UDP traffic more efficiently.

If users experience performance issues, consider reducing the MTU (Maximum Transmission Unit) size in the Zscaler Forwarding Profile to less than 1400. This prevents packet fragmentation, which can kill WebRTC quality.