To deliver next gen firewall functionality for all users, think outside the box

No hardware, no software. All ports, all protocols, all users.

Talk to us >

Just point your Internet traffic to Zscaler’s application-aware Cloud Firewall, and protect your users in all locations

With Zscaler, you can add next-gen firewall protection for all users without the need to deploy or maintain hardware or software. Our cloud handles aggregate traffic at over 100 million sessions per second—always inline and always blocking. Native SSL inspection is built in for every byte of traffic, all the time. So you get complete protection for all users, in all locations, across all ports and protocols—with no headaches.

Talk to us >

The SC Awards' Winner (2016) — Best Cloud Computing Security

Zscaler Cloud Firewall won the Best Cloud Computing Security Solution award by SC Magazine.

Learn more >

Suggested Resources

Cloud-based next generation firewall

Download the datasheet >

Osterman Research on next generation firewall trends

Read the report >

Are there gaps in your next gen firewall?

Watch the webcast >

Miercom report on Zscaler cloud firewall

Read the report >

Zscaler a Gartner Magic Quadrant leader

Read the report >

Zscaler a Forrester Wave leader

Read the report >

Even if you could afford next-gen firewalls for every branch, would they really protect your users?

Next-generation firewalls deliver application awareness that is vital for protecting the data center. But what about the branch or remote office? What is needed there is real-time inspection of Internet requests and replies, including SSL inspection. Not only are packet filtering/stateful firewalls prohibitively expensive when deployed at each location, they are not designed to handle SSL inspection at the required performance level, requiring additional separate hardware or firewalls with more capacity.

Zscaler Cloud Firewall delivers the security that your distributed enterprise, retail outlets, or branch deployment really needs, without any hardware, software, or ongoing maintenance. Because Zscaler Cloud Firewall is part of our global cloud-based security platform, all you need to do is create a VPN or GRE tunnel from your gateway to the Zscaler cloud. Native SSL inspection is built into our platform, not as a “bolt-on” solution like those offered by appliance vendors. And configuration changes can be made instantly—no need for a maintenance window.

Zscaler features more than just control of ports and protocols, with deep packet inspection and heuristics for application identification and control, including:

  • Mobile and cloud applications like Microsoft Office 365 that change IP addresses frequently
  • P2P apps like Skype, Bit Torrent, or Tor
  • Port-evasive apps and anonymizers like Ultrasurf

Talk to us >

Easily create granular policies at the user, department,
location, or application level

Enable Microsoft Office 365 in one click.

By user/group/department

By location type

By application/service

By time

Zscaler next generation firewall policy overview user interface

Talk to us >

Go from overall visibility to actionable information in real time

See and control the apps that are actually in use, regardless of port or protocol.

Zscaler cloud firewall allows you to see and control the apps that are in use, regardless of port or protocol.

Talk to us >


  • The Zscaler Cloud Firewall is fully integrated with all of our products, including our award-winning Secure Web Gateway, so everything works together – from the UI to the user.
  • Get the benefit of Zscaler’s global footprint - every time we block a threat for any one of our 15 million users, we block it for all of our 15 million users.
  • Get the protection that your “next gen” branch and mobile users really need.
  • Inspect SSL encrypted traffic – at line rate.
  • Tremendous cost savings by eliminating CAPEX.
  • Eliminate perimeter appliances as you enable an agile enterprise.

Talk to us >

The Zscaler difference

  • Break free from the cycle of buying, deploying, managing and upgrading firewall appliances.
  • Get real, correlated threat protection that firewall appliances were not designed to offer.

Learn more >

The next gen firewall capabilities are actually a core requirement. It was one of the primary considerations in selecting Zscaler. We hadn't found in any of the other cloud services that actually had a full protocol next gen capability.
Ken Athanasiou, Chief Information Security Office at AutoNation
Auto Nation Logo

Zscaler’s integrated security functions work together in real time, providing comprehensive protection

Provide complete security across all transactions using all ports and protocols, including SSL traffic.

Zscaler cloud security platform


Learn how Zscaler can protect your organization

Talk to us >