Review the firewall configuration requirements and the destination IP addresses of the service, and then make the necessary configuration changes. To view the firewall requirements, log in to the Zscaler service and from the Help menu at the top of any window, choose Cloud Configuration Requirements.
Review the Traffic Forwarding Requirements section. To restrict web access to the Zscaler service only, configure your firewalls to allow outbound traffic from all clients to the service.
Additionally, ensure that you define firewall policies that do not allow traffic to bypass the service and go directly to the Internet, unless it’s explicitly allowed. To deter users with admin rights from installing non-standard browsers to circumvent the Zscaler service, you can use firewall rules to force users to browse through the Zscaler service only.