Messages - instantdreams

#1
I changed the Firewall Rules from WAN to Floating and the matched and pass values in the alias have gone up but some network issues still exist:

name  loaded  matched  block  pass
zscaler_ranges  4933401826

I expect I am missing something obvious here, being a newbie with opnsense.
#2
I have installed OPNsense 25.7.4-amd64 to replace a NetGear Orbi RBR850.

On my home network I occasionally use a work laptop that uses the Zscaler Client Connector to create a secure tunnel to my work. Zscaler provide a Cloud Enforcement Node Ranges page that lists all URLs in CIDR format for inclusion into an allow list. I have previously included this whitelist in Crowdsec to allow access to my services from my work laptop.

After installing opnsense I noticed the default deny / state violation rule was being triggered when I enabled the Zscaler tunnel on my work laptop. I created a Firewall Alias with the following details:

1. Enabled: checked
2. Name: zscaler_ranges
3. Type: Network(s)
4. Categories: blank
5. Content: CIDRs from Cloud Enforcement Node Ranges
6. Statistics: unchecked
7. Description: Whitelist events from zscaler aggregate ip address ranges

I saved and validated this alias and then created a Firewall Rule under my WAN interface:

1. Action: pass
2. Disabled: unchecked
3. Quick: checked
4. Interface: WAN
5. Direction: in
6. TCP/IP Version: IPv4+IPv6
7. Protocol: any
8. Source / Invert: unchecked
9. Source: zscaler_ranges
10. Destination / Invert: unchecked
11. Destination: any
12. Description: allow zscaler traffic

I saved and applied this rule.

When I check Firewall : Log Files : Live View I can still see many entries being denied, and the alias reports the following:

name  loaded  matched  in block packet  in pass packet
zscaler_ranges  491560836

Is there anything I am missing with this configuration?
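An added triage helper, not part of the original post: it takes the alias content and a handful of denied Live View entries (both constructed stand-ins here, since the real Zscaler CIDRs are not reproduced) and reports, per entry, whether a rule shaped like the one above (interface WAN, direction in, source = zscaler_ranges) could have covered it at all. Entries that come back "out of scope" or "dst in alias only" cannot be passed by that rule no matter how its counters move.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-ins for the alias content (RFC 5737 / RFC 3849 documentation
# ranges); the real CIDRs come from the Cloud Enforcement Node Ranges page.
ZSCALER_RANGES = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8:1::/48"]
# Shape of the rule described in the post: pass, quick, WAN, direction in, source = alias.
RULE = {"interface": "wan", "direction": "in"}
# One Live View row reduced to the fields the rule actually evaluates (constructed).
LogEntry = namedtuple("LogEntry", "interface direction action src dst")

def build_alias(cidrs):
    """Parse Network(s) alias content into v4/v6 network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def in_alias(addr, nets):
    """True when addr falls inside any network of the alias (version mismatch is simply False)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def classify(entry, nets, rule=RULE):
    """Say whether a logged deny could have been covered by the WAN-in source=alias rule."""
    if entry.action != "block":
        return "not a deny"
    src_hit, dst_hit = in_alias(entry.src, nets), in_alias(entry.dst, nets)
    scope = "in scope" if (entry.interface, entry.direction) == (rule["interface"], rule["direction"]) else "out of scope"
    if src_hit:
        hit = "src in alias"          # rule should match; worth checking it is applied and ordered first
    elif dst_hit:
        hit = "dst in alias only"     # a source-based rule never sees this packet
    else:
        hit = "no alias address"      # unrelated to the alias entirely
    return f"{scope}: {hit}"

def triage(entries, cidrs):
    """Classify every entry against the alias; returns (src, dst, verdict) tuples."""
    nets = build_alias(cidrs)
    return [(e.src, e.dst, classify(e, nets)) for e in entries]

SAMPLE = [  # constructed denies, not taken from the poster's log
    LogEntry("lan", "in", "block", "192.168.1.50", "198.51.100.20"),
    LogEntry("wan", "in", "block", "203.0.113.9", "192.0.2.1"),
    LogEntry("wan", "in", "block", "192.0.2.77", "192.0.2.1"),
    LogEntry("wan", "in", "block", "2001:db8:1::5", "2001:db8:9::1"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, ZSCALER_RANGES):
        print(*row, sep="  ")
```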