Symptom
SIG tunnel setup to Zscaler fails. The tunnel FSM state shows as "gre-tunnel-st-invalid" in the output of the show command "show sdwan secure-internet-gateway zscaler tunnels".
Alternatively, API requests to Zscaler fail with error code 409 in the response, which is also visible in the output of the same show command.
With the debugs (debug platform software sdwan ftm sig) enabled, no new API requests to Zscaler are seen in the FTM logs in response to new add/delete tunnel requests.
Conditions
SIG tunnels with Zscaler must be configured on the device.
This can occur when the response from Zscaler to one or more API requests does not reach the device.
This can also occur if a wrong configuration, such as an invalid credential, is added and then followed by multiple attaches and detaches of the SIG template.
As a result, the FSM state might not move forward and can get stuck in its present state.
Workaround
Contact Cisco TAC to apply the workaround.
Further Problem Description