Is Cloudi-Fi down?

Type: Maintenance Duration: 1 hour and 26 minutes Affected Components: Captive Portals, Admin Interface Apr 28, 08:00:00 GMT+0 - Identified - The planned deployment is scheduled for Tuesday, April 28th, 2026, from 10 a.m. to 2 p.m. CET. No service interruption is expected. This release includes bug fixes, performance improvements, and new features. **Features and enhancements** * **Locations search filters** Advanced search filters are now available on the Locations page in Stable mode, helping administrators find locations faster in large environments. * **Access logs** The Access Logs page has been redesigned in Beta mode with a detailed aside panel for log events and new advanced search filters for devices, destination IP addresses, and ports. * **User accounts - Bulk edit** Administrators can now manage multiple user accounts at once with bulk actions such as changing profile, managing plan, extending validity, and expiring validity. **Bug fixes** * **Events registration count** Fixed an issue where registration count information disappeared after event changes. * **Lobby user import** Fixed a mapping error affecting some user imports in the Cloudi-Fi Lobby. * **Users authentication** Fixed an issue where authentication details could not be loaded. For more details about the release, please visit our [Release Information Page](https://help.cloudi-fi.com/hc/en-us/articles/35581082655133). Apr 28, 08:00:01 GMT+0 - Identified - Maintenance is now in progress Apr 28, 09:25:43 GMT+0 - Completed - Maintenance has been completed successfully with no incidents or service disruptions observed. All systems are fully operational.

Type: Incident Duration: 13 hours Affected Components: Captive Portals Apr 7, 13:45:00 GMT+0 - Identified - **Monitoring: Expanded Impact to US Nodes & Escalation** The scope of this incident has broadened beyond the APAC region. We have now received reports of similar connectivity issues affecting Zscaler nodes in the US. We have escalated this matter to senior Zscaler engineering leadership for an urgent, comprehensive investigation into what appears to be a multi-region disruption. ## **Current Status & Workarounds** While we await a global resolution from Zscaler, please continue to utilize the previously verified node failovers: * **India:** Move from Chennai 2 to **Hyderabad 1**. * **APAC:** Move from Singapore to **Hong Kong 3** or **Tokyo 4**. * **US:** We are currently identifying stable target nodes for US traffic and will provide specific recommendations shortly. Our internal teams remain on high alert and are working alongside Zscaler to stabilize service globally. Apr 7, 02:15:00 GMT+0 - Investigating - **Investigating: Service Issues with Zscaler Integration (APAC)** We are currently investigating reports of connectivity issues affecting customers integrated with the [**zscloud.net**](http://Zscloud.net) cloud in the **APAC region**. We are working directly with Zscaler to identify the cause and will provide updates as they become available. Apr 7, 07:00:00 GMT+0 - Identified - **Monitoring: Investigation & Remediation in Progress** Zscaler has officially acknowledged our support ticket and is investigating the issue. Simultaneously, our internal engineering teams are evaluating potential remediation steps to restore service for **APAC customers**. We will share more details as our joint efforts progress. Apr 7, 08:00:00 GMT+0 - Identified - **Monitoring: Expanded Scope & Investigation** Our investigation has confirmed that the impact extends beyond the [zscloud.net](http://Zscloud.net) environment to include [zscaler.net](http://zscaler.net) and other Zscaler clouds within the APAC region. Zscaler has acknowledged our high-priority ticket, and we are working closely with their team while our internal engineers continue to pursue a parallel remediation path. Apr 7, 15:15:00 GMT+0 - Monitoring - **Monitoring: Global Mitigation Applied by Zscaler** Zscaler has implemented a global fix to address the connectivity issues affecting multiple nodes (including Singapore, Chennai 2, and US-based data centers). We have received initial confirmation from customers in both the **US and APAC regions** that service has been restored and they are now able to connect via their original primary nodes. Zscaler has also published an official update regarding this resolution on their Trust Portal: [Zscaler Status Post 28871](https://trust.zscaler.com/zscaler.net/posts/28871). We are waiting the RCA from Zscaler engineering team Apr 7, 16:15:00 GMT+0 - Resolved - ## **Incident Update: Resolved** **Resolved: Global Service Restoration** We have confirmed that service has been fully restored across all Zscaler clouds and regions, including the previously impacted nodes in **Singapore**, **Chennai 2**, and the **US**. Zscaler has implemented a global fix, and our internal telemetry shows that all integration traffic is now flowing normally. **Next Steps** Our engineering leadership is currently awaiting the formal **Root Cause Analysis (RCA)** from Zscaler’s engineering team. Once we have reviewed their technical breakdown of the multi-region disruption, we will provide a comprehensive summary to all affected customers. Apr 7, 08:40:00 GMT+0 - Identified - **Monitoring: Multiple Impacted Nodes Identified (Singapore & Chennai)** Our ongoing investigation has confirmed that the issue is not limited to the Singapore node. We have identified that the Chennai 2 node (India) is also experiencing disruptions, contributing to the connectivity issues across the APAC region. ## **Recommended Workaround** To restore connectivity immediately, we suggest customers manually switch their traffic to one of the following stable nodes: * **Hong Kong 3** * **Tokyo 4** We continue to work with Zscaler to resolve the specific issue in Singapore and will provide a final update once the node is stabilized. Apr 7, 11:00:00 GMT+0 - Identified - **Monitoring: Additional Impacted Node (Chennai 2) & Verified Workaround** Our ongoing investigation has confirmed that the disruption is not limited to Singapore. The Chennai 2 node (India) is also experiencing significant instability. We have successfully verified a workaround with impacted customers in the region. ## **Verified Workaround** If you are experiencing connectivity issues or tunnel drops on the affected nodes, please implement the following failovers: * **For India-based traffic (Chennai 2):** Redirect tunnels to the **Hyderabad 1** node. This has been confirmed to restore stable connectivity in live testing. * **For Singapore-based traffic:** Redirect to **Hong Kong 3** or **Tokyo 4**. We remain in constant communication with Zscaler support as they work toward a permanent fix for the Singapore and Chennai data centers. Apr 14, 16:15:00 GMT+0 - Postmortem - # RCA From Zscaler: Incident Summary ● On April 7th, 2026, Zscaler received customer reports of Identity Provider (IdP)-initiated authentication failures affecting the [zscaler.net](http://zscaler.net) and [zscloud.net](http://zscloud.net) cloud environments. ● Customers using IdP-initiated authentication (notably Cloudi-Fi) experienced login failures (Error 581000 / 403 Forbidden) where the authentication redirect flow failed at the final redirect to [gateway.zscloud.net](http://gateway.zscloud.net), preventing users from accessing resources. ● Zscaler’s investigation determined the root cause was a recently enabled feature bit. Zscaler disabled the feature bit on the control plane for impacted cloud environments, and customers reported the issue was mitigated. ● On April 8th, 2026, additional reports were received. Zscaler confirmed the feature bit remained disabled on the control plane. However, further analysis found the disablement had not propagated to some Service Edges that form the data plane, resulting in continued impact for a subset of customers. ● Zscaler performed a full cloud audit to identify affected Service Edges and executed a Central Authority (CA) cache flush on impacted Service Edges to restore normal configuration synchronization. After the flush, the change propagated successfully, and service returned to normal. ● As part of Zscaler’s Post-Incident Review (PIR) process, Zscaler is evaluating monitoring, alerting thresholds, and resiliency controls to identify improvement opportunities and further reduce the likelihood and impact of similar events. This document contains preliminary findings; a final Root Cause Analysis (RCA) will be issued following validation of long-term corrective actions. # Incident Trigger ● A newly implemented security feature bit was introduced to enhance protections against open redirects during authentication handoffs. The feature validates redirect tokens and Zscaler private and confidential information targets to safeguard Zscaler’s service against abuse of open redirect paths in authentication redirect flows. ## Impact (Medium) ● Customers using IdP-initiated authentication (notably Cloudi-Fi) experienced login failures (Error 581000 / 403 Forbidden) where the authentication redirect flow failed at the final redirect to [gateway.zscloud.net](http://gateway.zscloud.net), preventing users from accessing resources. ## Incident Window | **Time (UTC)** | **Event** | | --------------------- | ----------------------------------------- | | April 7th, 2026 06:59 | Incident start (INC-000001256) | | April 7th, 2026 15:09 | Incident mitigated (feature bit disabled) | | April 8th, 2026 05:58 | Further impact reported (INC-000001257) | | April 8th, 2026 12:27 | Incident resolved (CA flush completed) | # Resolution Details ● Zscaler implemented corrective actions to resolve the incident. Zscaler disabled the feature bit on the control plane for the impacted cloud environments and completed a CA cache flush on impacted Service Edges to restore normal configuration synchronization. # Strategic Improvements ● As part of Zscaler’s Post-Incident Review (PIR) process, Zscaler is evaluating monitoring, alerting thresholds, and resiliency controls to identify improvement opportunities and further reduce the likelihood and impact of similar events. This document contains preliminary findings; a final Root Cause Analysis (RCA) will be issued following validation of long-term corrective actions.

Type: Maintenance Duration: 4 hours Affected Components: Captive Portals, DHCP, Admin Interface Apr 2, 12:00:00 GMT+0 - Completed - Maintenance has completed successfully Apr 2, 08:00:01 GMT+0 - Identified - Maintenance is now in progress Apr 2, 08:00:00 GMT+0 - Identified - The planned deployment is scheduled for **Thursday, April 2nd, 2026, from 10 a.m. to 2 p.m. CET**. No service interruption is expected. This release introduces several updates and improvements: **Features and enhancements** * **Device search module** * New module to locate any device on the network using filters: Device Name, IP Address, Hostname, Device Brand, DHCP Lease Status, Locked IP, MAC Address. * **MAC-Based authentication - Huawei NCE iMaster** * Cloudi-Fi now supports MAC-based authentication with Huawei NCE iMaster. _See dedicated KB article._ * **VPN IPSec logs for DHCP tunnels** * Administrators can view and search IPSec tunnel negotiation logs directly from the admin interface, in a human-readable format. * **User accounts page - Beta** * Centralized view of all registered users, with: * Consolidated user list with account info and status * Advanced search and filtering by multiple criteria * Reset password directly from a user's account * Change profile for any user _To enable: Profile icon → My Account → Interface version → Beta → Save changes._ * **Subscription messaging** * Revised alerts now distinguish between a limit being reached vs. genuinely exceeded, replacing the ambiguous "You exceed your subscription" message. * **Security monitoring enhancements** * Improved detection and tracking of suspicious activity patterns across the platform. * **NAC provider – Entra ID group filtering** * Administrators can now filter and restrict groups imported from Microsoft Entra ID, simplifying group management. **Bug fixes** * NAC providers were not displaying correctly due to a missing display name field. This has been corrected, and all NAC providers now appear as expected in the interface. * When a search or filter operation returns no results, a clear and descriptive message is now shown to inform the administrator that no matching records were found, eliminating any ambiguity. For more details about the release, please visit our [Release Information Page](https://help.cloudi-fi.com/hc/en-us/articles/34915531401245).