Please share with the community what you think needs improvement with Zscaler Cloud Firewall.
What are its weaknesses? What would you like to see changed in a future version?
There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically.
It would be better if they improved their policy, package visibility, and flexibility while we're creating rules for inspection. It could also be cheaper or more things could be included in the basic package. In the next release, I would like better coverage in the Asia Pacific region and better quality of service.
The product could improve its integration with some legacy systems. The solution could offer more simplicity on deployment so that it's not quite so complex sometimes. The solution could benefit from more CASBs - cloud access security brokers.
Currently, the Data Leak Prevention is only for web filtering and there is nothing for email and the USB, so it would be an improvement if that could be included.
The only thing that might be improved would be to enable application of different settings. It's really the difference between having it on premises or on cloud. If you have a next gen firewall from Palo Alto which is the best on-premise solution, then you might be able to configure some things a little more. It's possible that with Zscaler, the customization of some options could be improved a little to match what is available on-premise but because it's on cloud, it doesn't allow application of extra settings.
We've had some concerns with Zscaler, but a new version is coming out that we hope will address them. This is scheduled to be released in March 2020. They've probably done some gap analysis and will be introducing more versatile features according to customer requests. The issue right now is probably that Zscaler is not providing web browser isolation. Another solution, Menlo, offers this. For one customer, we had to send traffic to Menlo to do the isolation for us. It was requested by the customer so that they could integrate any iframe. Zscaler needs to add this type of feature in their next release.
What do you like most about Zscaler Cloud Firewall?
Thanks for sharing your thoughts with the community!
If you could go back in time, would you change your decision to buy that firewall and why?