About Firewall Control

The Zscaler service provides integrated cloud-based next-generation firewall capabilities that allow granular control over your organization’s outbound TCP, UDP and ICMP traffic. This includes Firewall and DNS dashboards, giving your organization visibility into applications running in your networks.

By default, the Zscaler firewall allows all non-HTTP/HTTPS traffic from your network to the Internet. You can configure policies that define which types of traffic are allowed from specific sources, to specific destinations, and at scheduled times.

You can configure the following firewall policies:

  • Firewall Filtering Policy: Add rules to allow or block specified types of traffic from your network to the Internet. You can also specify how the sessions are logged.
  • NAT Control Policy: Add rules to perform destination NAT. You can redirect traffic to specific IP addresses and, optionally, ports.
  • DNS Control Policy: Add rules to allow or block DNS requests, redirect requests to a different DNS server, or redirect DNS responses by substituting the IP address in a DNS response with a preconfigured IP address.

To configure firewall policies, configure the three policies above as applicable and enable the firewall for your locations. You may also need to create source and destination IP groups, modify network services, create network application groups, and configure custom ports.

Note that configuring a firewall policy requires the following: 

  • An organization must forward its IP traffic from a known location.
  • If your organization wants to apply firewall policies at the user level, user authentication and surrogate IP must be enabled. Otherwise, the Zscaler firewall service applies organization and location policies.

For information on the order in which the service enforces all policies, including this policy, see How does the Zscaler service enforce policies?

  1. Configure a Firewall Filtering policy rule. See How do I configure the Firewall Filtering policy?
  2. Click Recommended Policy to view the policy Zscaler recommends.
  3. View a list of all configured Firewall Filtering policy rules. 
  4. Edit or duplicate a Firewall Filtering policy rule. See How do I edit, delete, or duplicate items in the admin portal?
  5. Modify the table and its columns. See How do I use tables in the admin portal?
  6. Search for a Firewall Filtering Rule. 
  7. Configure a NAT Control policy rule. See About NAT Control.

Screenshot of Firewall Filtering Policy page showing buttons and list used to manage Zscaler cloud-based firewall