Configuring firewall policies requires configuring the following policies as applicable: Firewall Filtering, NAT Control, DNS Control, and IPS Control policies. For FTP Control settings within Firewall, see About FTP Control.

To configure firewall policies:

1. Configure the resources that the policies reference:
   • Users, Groups, Departments, Locations, and Sub-locations for your firewall policies.
   • Time Intervals.
   • Network Applications. You can create network application groups as needed.
   • Network Services. You can modify network services to edit services, add custom services, and create groups.
   • Source and Destination IPv4 Groups.
   • IPv6 Configuration
2. Define the rules for each policy:
   • Firewall Filtering Policy
   • NAT Control Policy
   • DNS Control Policy
   • IPS Control Policy

3. By default, the Zscaler service listens to the following ports:

   • Port 80 for HTTP traffic
   • Port 443 for HTTPS traffic
   • Port 53 for DNS traffic
   • Port 21 for FTP traffic
   • Port 554 for RTSP traffic
   • Port 1723 for PPTP traffic

   If your organization uses other or additional ports for these types of traffic, you can configure the service to use custom ports for these services.

4. Enable the firewall per location.

Advanced Firewall is required to configure and apply policies based on users, groups, departments, or network applications.