Basic Tutorials for ZT Networking? 0.0.0.0 routes and IPS to inspect outbound traffic

Hello, new ZT user here.
Use case: 15 users quarantined in geographically separated living spaces. Users connecting to Google Workspace accounts to do work with BYOD devices.
Requirement: Enable a Nessus server to connect and scan all endpoints, and redirect all outbound web traffic through an OPNsense or PFsense vm running Suricata or Snort in the cloud for inspection.

Anyone doing anything similar? I think I can redirect all traffic to the *Sense box by using a redirect in the rules, or entering a quad 0 route. Assuming that is so and my technical solution works; has anyone had any difficulties with non-technical end users being able to comprehend how to join the ZT network when they use their BYOD for work? Has it been easy to redirect all work related traffic through the IPS by simply teaching them to join the ZT network and disconnect from it when doing personal stuff?

Any thoughts would shorten my development time and be appreciated.

Hello!
User’s will have to check the “Allow Default” checkbox in their client network for 0.0.0.0 to work.

You can send all zerotier traffic to you IDS with a tee rule without using zerotier default route.
If you want to monitor all their webtraffic as well, you’ll need the default route.

Thank you sir. Appreciate it.