The Zscaler service provides integrated cloud-based next-generation firewall capabilities that allow granular control over your organization’s outbound TCP, UDP and ICMP traffic. This includes Firewall and DNS dashboards, giving your organization visibility into applications running in your networks.
By default, the Zscaler firewall allows all non-HTTP/HTTPS traffic from your network to the Internet. You can configure policies that define which types of traffic are allowed from specific sources and to specific destinations and at scheduled times.
You can configure the following firewall policies:
Configuring Firewall Policies requires configuring the three policies above as applicable and enabling the firewall for your locations. You may also need to create source and destination IP groups, modify network services, create network application groups, and configure custom ports.
Note that configuring a firewall policy requires the following:
For information on the order in which the service enforces all policies, including this policy, see How does the Zscaler service enforce policies?