Since I am not able to understand the server that responds to this \public_ip request, please do the following.
Run the same experiment again, but make sure that you know before the source IP of the PC outside the network. Simultaneously run on ZS a
From what I see here, the client is trying to connect on udp/137, which correct, cause this is what \AN_IP_ADDRESS does. It is trying to browse the network shared files of a system. There is no nat applied on that and the packet is not replied, so it is just ignored. Then the port 80 is tried, so maybe the windows client is trying to access the web interface of ZS. And this is why you see the certificate and the user-pass promt. Disable HTTP/HTTPS from the wan link and try again. I think that it should fail.
All the above are based on that you didn’t open a browser and entered ZS’ 64.c.x.z address.