Products > Cloud Firewall

Simplify your network with
Zscaler Cloud Firewall

Full next generation firewall capabilities without
the cost and complexity of NGFW appliances

Watch Video Get the eBook

To benefit from cloud apps, break free from network security appliances and go direct

Securely embracing the cloud and delivering a fast user experience requires local internet breakouts. But, securing internet traffic with traditional UTM and NGFW appliances requires deploying stacks of security appliances in all locations, which is cost prohibitive and extremely difficult to manage.

UTM/NGFW appliance sprawl
  • Cost prohibitive to deploy
  • Creates appliance sprawl
  • Untenable to manage
  • Compromises branch security
  • Performance degrades with SSL inspection and cloud apps with long-lived connections
a diagram showing that in order to benefit from cloud apps, break free from network security appliances and go direct

Cloud Firewall Solution

Zscaler enables secure local breakouts – without appliances

Zscaler Cloud Firewall enables fast and secure local internet breakouts for all ports and protocols, without appliances. Cloud Firewall scales elastically to handle all your cloud application traffic, and is an integral part of the Zscaler Cloud Security Platform, which brings the entire security stack closer to the user to ensure identical protection no matter where they connect.

Read the Datasheet
a diagram showing zscaler is a 100 percent cloud-delivered service and there is no hardware or software to deploy or manage.
See Our Solution View the Challenge

More powerful than a next-generation firewall

Proxy-based
architecture

Dynamically inspects traffic for all users, applications, devices, and locations. Natively inspects SSL/TLS traffic—at scale—to detect malware hidden in encrypted traffic. And, enables granular firewall policies spanning multiple layers based upon network app, cloud app, domain name (FQDN), and URL.

Learn why a proxy-based architecture is required to stop today's advanced threats.

Learn More

Cloud IPS

Delivers always-on IPS threat protection and coverage, regardless of connection type or location. Inspects all user traffic on and off network, even hard-to-inspect SSL traffic, to restore full visibility into user, app, and internet connections.

Learn how Zscaler Cloud IPS takes intrusion prevention to a higher level.

Learn More

DNS security and control

Protects users from reaching malicious domains as the first line of defense. Optimizes DNS resolution to provide a better user experience and cloud application performance, which is especially critical for CDN-based apps. And, provides granular controls to detect and prevent DNS tunneling.

See how Cloud Firewall can block malicious domains and prevent DNS tunneling.

Watch Now

Visibility and simplified management

Delivers real-time visibility, control, and immediate policy enforcement across the platform. Logs every session in detail. Uses advanced analytics to correlate events and provide insights into threats and vulnerabilities for all users, applications, and locations from a single console.

Watch how easy it is to setup granular policies with Zscaler Cloud Firewall.

Watch Now

Proxy-based
architecture

Dynamically inspects traffic for all users, applications, devices, and locations. Natively inspects SSL/TLS traffic—at scale—to detect malware hidden in encrypted traffic. And, enables granular firewall policies spanning multiple layers based upon network app, cloud app, domain name (FQDN), and URL.

Learn why a proxy-based architecture is required to stop today's advanced threats.

Learn More

Cloud IPS

Delivers always-on IPS threat protection and coverage, regardless of connection type or location. Inspects all user traffic on and off network, even hard-to-inspect SSL traffic, to restore full visibility into user, app, and internet connections.

Learn how Zscaler Cloud IPS takes intrusion prevention to a higher level.

Learn More

DNS security and control

Protects users from reaching malicious domains as the first line of defense. Optimizes DNS resolution to provide a better user experience and cloud application performance, which is especially critical for CDN-based apps. And, provides granular controls to detect and prevent DNS tunneling.

See how Cloud Firewall can block malicious domains and prevent DNS tunneling.

Watch Now

Visibility and simplified management

Delivers real-time visibility, control, and immediate policy enforcement across the platform. Logs every session in detail. Uses advanced analytics to correlate events and provide insights into threats and vulnerabilities for all users, applications, and locations from a single console.

Watch how easy it is to setup granular policies with Zscaler Cloud Firewall.

Watch Now

The next-generation firewalls (NGFWs) in use today were architected over a decade ago. But, providing security and access controls for the cloud-first enterprise requires dynamic capabilities that NGFWs were not designed to deliver. Explore how Zscaler Cloud Firewall capabilities surpass those of NGFWs or virtualized appliances.

Read the Cloud Firewall eBook

Cloud Firewall product benefits

More powerful than a next-generation firewall

Enables secure local internet breakouts

Provides direct to internet connections for a fast user experience, without any appliances to deploy or manage

Brings the entire security stack close to the user

Ensures identical protection for users from wherever they connect

Reduces costs and complexity

Optimizes MPLS backhauling spend and eliminates costly and time-consuming patch management, coordination of outage windows, and policy management

Scales services elastically

Handles SSL inspection and cloud application traffic requiring long-lived connections for a fast user experience

Provides security and access controls for internet traffic on all ports

Delivers firewall-as-a-service to provide security and access controls for internet traffic on all ports, not just 80 and 443, to prevent advanced threats

Logs every session and delivers real-time visibility and policy enforcement

Across all users, all locations, all applications, and all ports and protocols from a single console

Learn More
Zscaler customer autonation stating that the next generation firewall was one of the primary considerations in selecting Zscaler.

“The next gen firewall capabilities are actually a core requirement. It was one of the primary considerations in selecting Zscaler. We hadn't found in any of the other cloud services that actually had a full protocol next gen capability.”

See Customer Story

Go from overall visibility to actionable information in real time

With Zscaler Cloud Firewall, apps are visible, regardless of port or protocol

analytics dashboard capture from zscaler cloud firewall showing valuable insights of threats and vulnerabilities in real time
Request Demo

Define and immediately enforce all policies for all locations from a single console

Easily create granular policies at the user, department, location, or application level

console capture of zscaler next generation firewall showing it's easy to define granular policies by user, location, group, and department
1.  HTTP/HTTPS traffic only on guest Wi-Fi
2.  Allow FTP for IT users only
3.  Block all P2P apps except Skype for Business
4.  Allow access to dynamic IPs based upon FQDN
See How

Suggested Resources

Datasheet

Zscaler Cloud Firewall

Read the Datasheet 

Webinar

Why your next gen branch firewall should be a cloud firewall

Watch Webinar 

White Paper

Zscaler Cloud Firewall Guide

Get the Guide 
Explore Popular Resources