Products > Cloud Firewall

Zscaler Cloud Firewall

Secure all your users’ traffic, on any device,
wherever they connect

Why NGFWs are no longer enough

Organizations spend millions each year on network firewalls. But as apps move to the cloud, and remote users leave your network, enterprises need agile and scalable capabilities that NGFWs were not designed to deliver. From the lack of off-network protection, to increasing branch network costs, NGFWs and virtualized appliances are becoming insufficient.

The challenge of traditional firewalls and NGFW solutions


Cost and Complexity

Deploying stacks of security appliances or firewalls at every branch is prohibitively expensive and increases policy management complexity.


Poor User Experience

Backhauling internet and SaaS-bound traffic to the data center creates bottlenecks that kill the user experience.


Off-Network Users

When users drop off your network and VPN in, your security policies go blind and risk increases.


Inconsistent Security

Sizing and selecting firewall models based upon branch size or bandwidth results in security compromises and inconsistent policies across branch locations.

Zscaler Cloud Firewall

Zscaler Cloud Firewall enables fast and secure off-network connections and local internet breakouts for all your user traffic, without appliances.

Zscaler Cloud Firewall elastically scales across all ports and protocols to handle all your cloud application traffic. And, it ensures users have consistent protection no matter where, or on what device, they connect—from home, the branch office, at headquarters, or on the road.

zscaler-cloud-firewall-brings-next-gen firewall-controls-and-advanced-security-to-all users-in-all-locations
Zscaler, a leader in Gartner magic quadrant for secure web gateways, for 10 consecutive years

Zscaler: A Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE)

Positioned Highest in the Ability to Execute

What can Zscaler Cloud Firewall do for you?


Reduce Costs and Increase Agility

With cloud-delivered security, you eliminate appliance management and hardware refreshes. You get infinite scalability and the ability to rapidly respond to enforce policy everywhere and add new services with just a few clicks.


Deliver a Fast and Secure User Experience

Enables secure direct-to-cloud connections and optimizes DNS, TCP, and peering to reduce latency and ensure users are secure and can remain productive.


Protect Users On and Off the Network

Protects users on any device, on and off network, wherever they connect, without requiring a VPN.


Provide Comprehensive Security

Our proxy-based architecture scales elastically to deliver DNS security and always-on IPS threat protection for all connection types and locations, and inspects all user traffic—even hard-to-inspect SSL.

What makes Zscaler Cloud Firewall unique?


Secure local internet breakouts

Provides direct-to-internet connections that scale elastically, without any appliances to buy, deploy, or manage. See how >


Full protection on and off the network

Cloud Firewall, along with Zscaler Client Connector, our lightweight app, brings security close to the user to ensure consistent policy and protection for all your users on and off the network, on any device, from wherever they connect—at headquarters, at a remote or branch office, working from home, or on the road. See how >

Proxy-based Architecture makes Zscaler Cloud Firewall Unique

Proxy-based architecture

Secures cloud apps and enables deeper context-based security inspection and real-time threat prevention for all web and non-web applications by dynamically inspecting traffic for all users, applications, devices, and locations. Learn more >

Zscaler delivers fast and secure user experience and app performance

Fast and secure user experience and app performance

Delivers a great user experience and uncompromised security. Cloud Firewall protects users from reaching malicious domains and provides granular controls to detect and prevent DNS tunneling. At the same time, it optimizes DNS resolution, TCP, and peering to ensure every user gets a fast and local connection and optimal cloud application performance. See how >

Zscaler Cloud Firewall Delivers always-on IPS threat protection and coverage

Always-on IPS

With always-on IPS, you get the threat protection and visibility you need, no matter the connection type or location. Automatic scalability ensures you never run out of inspection capacity, so you can natively inspect all user traffic, even hard-to-inspect SSL encrypted traffic. Learn more >

Zscaler customer

“The next gen firewall capabilities are actually a core requirement. It was one of the primary considerations in selecting Zscaler. We hadn't found in any of the other cloud services that actually had a full protocol next gen capability.”

Suggested Resources


Zscaler Cloud Firewall Datasheet


What is Next Generation Firewall?


Simplify your network and branch offices with Zscaler Cloud Firewall


Zscaler Cloud Firewall Guide


Mondi Group: How I transformed a global network


Setting policy with Zscaler Cloud Firewall