Routing Issues

Zscaler: OSPF MTU mismatch

By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30

⚡ At a glance
VendorZscaler
Operating systemZscaler Cloud (ZIA / ZPA / ZDX)
CategoryRouting Issues
Skill levelIntermediate to advanced
DIY-able?Yes with CLI access; some scenarios need Zscaler Support + RMA.

What this guide covers

Diagnose and fix OSPF MTU mismatch on a Zscaler device (Zscaler Cloud (ZIA / ZPA / ZDX)).

Most likely cause + fix

Both routers must have identical MTU on the OSPF interface. Match them explicitly.

Diagnostic CLI

Admin Portal → Analytics
# Use the Zscaler Cloud (ZIA / ZPA / ZDX) equivalents of:
#   show ip route / show route
#   show ip bgp summary / show bgp summary
#   show ip ospf neighbor / show ospf neighbor
#   show log | include BGP|OSPF

When the issue persists

Frequently asked questions

Will this work on my specific Zscaler Cloud (ZIA / ZPA / ZDX) version?

The procedure reflects current Zscaler Cloud (ZIA / ZPA / ZDX) behaviour. Older releases may need minor syntax adjustments, use the CLI help (? or tab-completion) to verify.

Should I open a Zscaler Support case immediately?

Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.

Where can I find the Zscaler official documentation?

https://help.zscaler.com. search the product family + feature name.

Is this procedure safe in production?

Test in a lab or maintenance window first. Capture pre-change state so you can roll back.

Related guides worth a look while you sort this one out:

References


Reference material, not professional advice. Validate against your specific Zscaler Cloud (ZIA / ZPA / ZDX) version and test in a non-production environment before applying.

What changed recently?

Fault diagnosis on a Zscaler: device goes faster when you map the symptom to a recent change:

The answer narrows the root cause to a manageable subset.

Safety + preconditions

Before any work on a Zscaler: device:

How to confirm it's actually fixed

On a Zscaler: device, the test is rarely "reboot and see". Use this list:

When to call Zscaler: support instead

Escalate if:

More frequently asked questions

Can I roll this back if something breaks?

Yes for software-level changes (firmware rollback, config rollback). Hardware changes are usually one-way. Always back up settings before starting.

Will this void my warranty?

Applying official firmware updates and following the user manual will not affect warranty. Opening sealed components, jumping safety circuits, or using third-party parts can void warranty in most jurisdictions.

Should I update firmware first or last?

Update firmware first if a release note specifically mentions your symptom. Otherwise, finish the troubleshooting flow first, then update; that way you can isolate whether the update or the underlying fix solved it.

What if the fix returns after a reboot?

Persistent fault returns mean either: a hardware fault (escalate), a configuration that's being overwritten by a sync source (check cloud profiles), or a regression in a recent firmware update (rollback).

Why is this happening on a brand-new unit?

Out-of-box defects do occur. If you've owned the device under 30 days and the symptom persists after a factory reset, escalate to the seller for replacement under DOA terms before opening a manufacturer support case.