Combining the world’s largest security cloud—the Zscaler Zero Trust Exchange™—with Cisco SD-WAN delivers a complete SASE solution that simplifies how traffic is routed from the branch and makes it easy to establish and secure local internet breakouts. Together, Zscaler and Cisco enable fast, secure, policy-based access to the internet and business-critical cloud applications from branch and remote office locations.


Zscaler and Cisco SD-WAN
Enabling secure SASE for enterprise organizations

Fast user
experience
Enable a fast, secure user experience while optimizing application traffic and flow. Simply route internet traffic locally to Zscaler from Cisco SD-WAN routers in the branch.

Reduce costs and
simplify branch IT
Simplify traffic routing, optimize performance, and reduce MPLS costs by leveraging multiple network connection types and delivering the entire security stack as a service. Eliminate need to buy, deploy, and manage gateway security appliances or VMs for every branch.

Better
security
Protect your users with policies that follow them wherever they go, ensuring identical security anywhere they connect. Define and enforce security and access policies across all locations from a single console, and rapidly deploy new security services with just a few clicks.
Cloud security for SD-WAN
SD-WAN is transforming branch office networking, reducing MPLS costs, and optimizing performance. However, reliable SD-WAN security is critical for broad adoption, especially for cloud and internet applications. With Zscaler and Cisco SD-WAN, you can secure all internet traffic without backhauling over MPLS to centralized data centers. Cisco SD-WAN and Zscaler are transforming SD-WAN together.
Centrally define and apply
security policy
Centralized management makes it easy to define and apply Zscaler security and business policies across hundreds or thousands of sites in the Cisco SD-WAN vManage interface.


Leverage automated IPsec
tunnels and high availability
Cisco SD-WAN with Zscaler supports API integration for creating IPsec tunnels. Configure up to four active HA pairs to connect to a primary and secondary Zscaler point of presence. Fully automated Layer 7 health checks ensure 99.9% uptime and availability and will automatically select a new secondary backup if an outage occurs.