Products > Cloud Firewall

Zscaler Cloud Firewall

Secure all your users’ traffic, on any device,
wherever they connect

Why NGFWs are no longer enough

Organizations spend millions each year on network firewalls. But as apps move to the cloud, and remote users leave your network, enterprises need agile and scalable capabilities that NGFWs were not designed to deliver. From the lack of off-network protection, to increasing branch network costs, NGFWs and virtualized appliances are becoming insufficient.

The challenge of traditional firewalls and NGFW solutions

Cost and Complexity

Deploying stacks of security appliances or firewalls at every branch is prohibitively expensive and increases policy management complexity.

Poor User Experience

Backhauling internet and SaaS-bound traffic to the data center creates bottlenecks that kill the user experience.

Off-Network Users

When users drop off your network and VPN in, your security policies go blind and risk increases.

Inconsistent Security

Sizing and selecting firewall models based upon branch size or bandwidth results in security compromises and inconsistent policies across branch locations.

Zscaler Cloud Firewall

Zscaler Cloud Firewall enables fast and secure off-network connections and local internet breakouts for all your user traffic, without appliances.

Zscaler Cloud Firewall elastically scales across all ports and protocols to handle all your cloud application traffic. And, it ensures users have consistent protection no matter where, or on what device, they connect—from home, the branch office, at headquarters, or on the road.

Zscaler Cloud Firewall

What can Zscaler Cloud Firewall do for you?

Reduce Costs and Increase Agility

With cloud-delivered security, you eliminate appliance management and hardware refreshes. You get infinite scalability and the ability to rapidly respond to enforce policy everywhere and add new services with just a few clicks.

Deliver a Fast and Secure User Experience

Enables secure direct-to-cloud connections and optimizes DNS, TCP, and peering to reduce latency and ensure users are secure and can remain productive.

Protect Users On and Off the Network

Protects users on any device, on and off network, wherever they connect, without requiring a VPN.

Provide Comprehensive Security

Our proxy-based architecture scales elastically to deliver DNS security and always-on IPS threat protection for all connection types and locations, and inspects all user traffic—even hard-to-inspect SSL.

What makes Zscaler Cloud Firewall unique?

Secure local internet breakouts

Provides direct-to-internet connections that scale elastically, without any appliances to buy, deploy, or manage. See how >

Full protection on and off the network

Cloud Firewall, along with Zscaler Client Connector, our lightweight app, brings security close to the user to ensure consistent policy and protection for all your users on and off the network, on any device, from wherever they connect—at headquarters, at a remote or branch office, working from home, or on the road. See how >

Proxy-based architecture

Secures cloud apps and enables deeper context-based security inspection and real-time threat prevention for all web and non-web applications by dynamically inspecting traffic for all users, applications, devices, and locations. Learn more >

Fast and secure user experience and app performance

Delivers a great user experience and uncompromised security. Cloud Firewall protects users from reaching malicious domains and provides granular controls to detect and prevent DNS tunneling. At the same time, it optimizes DNS resolution, TCP, and peering to ensure every user gets a fast and local connection and optimal cloud application performance. See how >

Always-on IPS

With always-on IPS, you get the threat protection and visibility you need, no matter the connection type or location. Automatic scalability ensures you never run out of inspection capacity, so you can natively inspect all user traffic, even hard-to-inspect SSL encrypted traffic. Learn more >

Zscaler customer

“The next gen firewall capabilities are actually a core requirement. It was one of the primary considerations in selecting Zscaler. We hadn't found in any of the other cloud services that actually had a full protocol next gen capability.”

Suggested Resources


Zscaler Cloud Firewall Datasheet


Next Generation Firewall


Simplify your network and branch offices with Zscaler Cloud Firewall


Zscaler Cloud Firewall Guide


Mondi Group: How I transformed a global network


Setting policy with Zscaler Cloud Firewall