Secure Web Gateways typically consist of a number of features such as malware protection, URL filtering, content filtering, SSL content scanning, web based DLP capabilities. Deployment methods to look for include proxy, in-line and transparent \ bridge deployments as well as port mirroring\span port capabilities, ability to work with and integrate ICAP and WCCP.
Sorry the delay to answer this question.
Due to Zscaler is a service in the cloud, there is not too much constraints in terms of SSL scanning related to impact on performance or update of ciphers. This is a big advantage. You don't need to be worry about. In terms of complex applications like Office 365, Zscaler provides "one click configuration" for Office 365. In one click you will have applied all rules required for O365.
In general SSL scanning with Zscaler is not a complex task. Time to time you will need to apply some bypasses rules for services or apps (like file sharing) that are using SSL pinning certificates.
Yes. But due to the implementation is in the cloud, the setup is quite different.
From you location, a GRE or IPSEC tunnel to the Zscaler cloud is required. If you forward your HTTP/HTTPS traffic inside the tunnel, Zscaler will intercept it and will apply all security and policy controls.
SSL scanning is easy to do. Simple deploy a SSL root certificate on your pcs and done. There is not restrictions on traffic or impact on performace.
I would be interested to know constraints related to transparent SSL content scanning with this product. Thanks in advance.