
Zscaler Blog


Introducing Zero Touch Branch Connectivity

July 14, 2023 - 4 min read

In the rapidly evolving world of IT, traditional approaches to branch connectivity are becoming outdated. Legacy hub-and-spoke network architectures and traditional network-based security solutions are no longer sufficient to meet the challenges of today's digital landscape. The rise of cloud applications and the adoption of software-defined wide area networking (SD-WAN) have brought about significant changes, but they also present new security risks and complexities.


The challenge of traditional SD-WAN networks

One of the key challenges with traditional branch connectivity is lateral threat movement. In a typical network setup, site-to-site VPNs create a large, routable network in which a single infected device can easily spread malware or compromise the entire network. This exposes organizations to the risk of lateral movement of threats, making it difficult to contain and mitigate security breaches.

Furthermore, the internet attack surface is a major concern for organizations. Every internet-facing firewall can be discovered and targeted by attackers, putting sensitive data and applications at risk. Traditional network-based security measures, such as firewalls and intrusion detection systems, can only provide limited protection against these evolving threats.


The need for Zero Trust Branch Connectivity

To address these challenges, Zscaler has pioneered a new approach to branch connectivity based on zero trust principles. At Zenith Live ’23, we introduced Zero Trust Branch Connectivity (Branch Connector), built on the Zscaler Zero Trust Exchange™, a highly available, globally distributed security service edge (SSE) that ensures secure communication over a non-routable WAN. This solution minimizes the internet attack surface, eliminates lateral threat movement, and reduces operational complexity.



New plug & play appliance

The Branch Connector can be deployed as a lightweight virtual machine or a plug and play appliance, providing flexibility and scalability. It is managed out-of-band, and all security policies are centrally managed from the Zscaler portal, ensuring consistent and effective security measures across all branch locations. The Branch Connector virtual appliance is available to customers today, and many customers have already deployed it in production.



As part of our launch announcements at Zenith Live, we are introducing two plug and play models: ZT600 and ZT800. These appliances provide a complete zero touch provisioning (ZTP) capability to simplify onboarding without a need for any technician onsite. 




Technical specifications 


4-core, 16GB Memory, 128G SSD, 6x1GE (RJ45)

Small offices up to 500MBps throughput


8-core, 32GB Memory, 256G SSD, 6x1GE (RJ45), 2x10GE (SFP)

Medium offices up to 1 Gig throughput


Plug and play appliances are becoming available for limited private preview starting later this year, and are planned for general availability early in 2024.


How zero touch provisioning works 

Branch Connector appliances will provide ZTP capabilities in 3 simple steps:




As soon as customers plug in the power and Ethernet cable (internet bound), a ZTP agent on the appliance will connect to the Zscaler cloud and become available in the branch connector admin console for configuration. The whole process is secured using a Trusted Platform Module (TPM) chip-based workflow.


A simple configuration wizard will walk the administrator through a few clicks to enter the device name, attach appliance serial numbers, and select the location of the branch offices.




Branch Connector supports high availability configuration and allows for the configuration of all interface IP addresses as Virtual IP, forwarding, and service interfaces.





After configuration is complete and approved, orchestration will take place and the site will be up and running in a few minutes.





In today's digital landscape, traditional branch connectivity solutions are no longer sufficient to address the challenges of lateral threat movement and evolving security risks. Zscaler Zero Trust Branch Connectivity provides a secure and simplified approach by eliminating site-to-site VPNs and adopting zero trust principles.

With Zero Trust Branch Connectivity, organizations can minimize the attack surface, eliminate lateral threat movement, and reduce operational complexity. This innovative solution enables seamless integration of branch sites, enhances security posture, and ensures cost savings.

Embracing Zero Trust Branch Connectivity is a vital step toward ensuring secure and efficient branch connectivity in the era of digital transformation. By leveraging the power of zero trust principles, organizations can confidently embrace the benefits of cloud applications and SD-WAN, without compromising on security.

If you’re interested in learning more, see the data sheet or reach out to your Zscaler representative to ask for a demo.

