In terms of improvements for Zscaler Cloud Firewall, I think every product has needed enhancements over time, and current functions continuously evolve. I believe the integration of AI could improve the dashboard by making it more agile and effective in monitoring and predicting threats. AI has the potential to help manage the rapidly changing landscape of technology and threats, which is becoming more complex every day. The more AI can be introduced, the better it can serve in monitoring.
There are several areas for improvement. Firstly, the GUI is outdated, with noticeable lags and delays, especially when generating reports for past transactions. Additionally, the reverse proxy feature for Data Loss Prevention (DLP) is missing, and some features found in competitors like Netskope and Palo Alto are absent in Zscaler Cloud Firewall.
IT Security at a manufacturing company with 11-50 employees
Real User
Top 20
Jan 13, 2025
I'm trying to test Twingate since it will remove all these kinds of VPNs. This is the best solution, actually. For the moment, this is what I'm looking for. If there is a solution that can enable me to have a dashboard for the devices deployed using Twingate, I would appreciate it. For now, there is no dashboard or network management system available for Twingate. I need to access their website and do the operation side by side. I don't have the visibility of a control dashboard or a network management system. This is a missing point, actually. If there is a solution that could manage this, Twingate would be the best.
Apart from the issues associated with the product in areas like the DC performance issues and DC failover, Zscaler Cloud Firewall's IP should not have a proxy IP.
Sr.technical consultant at Navigator Systems Prt. Ltd.
Consultant
Nov 17, 2023
Pricing is a challenge. Organizations with more than 1000 users get a better price. Below 1000 users, we do not get good prices. The competitors leverage their prices to attract customers.
When it comes to customer support, there is room for improvement in Zscaler's service. While it's not the worst, it could be more client-centric. One significant area that needs attention is the geographical coverage of its data centers. Although they have prominent data centers worldwide, they are not evenly distributed, particularly in remote locations. For global multinationals, expanding data center coverage is essential to reduce latency and provide better service. Improved reporting features that automatically adjust to the user's location and offer more granular insights into non-business traffic usage would be beneficial for organizations looking to manage their network effectively.
Zscaler has a marketing strategy where they provide certain product lines with similar products within it. However, they do not provide a few components that are fundamental to differentiate the said products. It is their way of doing business.
Java Software Engineer at a computer software company with 5,001-10,000 employees
Real User
Jul 4, 2023
The solution's deployment process and technical support services could be better. Also, it could have more functionalities similar to other legacy firewall applications.
We are having some issues with internet access being denied when organizational ID-based policies change. For example, a lower level employee ends up getting the same level of access as that of a higher level employee. What happens is that the organization ID does not match the one we allowed in Zscaler. As a result, we have to allow each organization ID one at a time in the Zscaler Portal. There are also problems with the mapping of the geographic location of an IP address. For example, the IP address might be in India, but the geographical location may be mapped to a US location. In the next release, I would like to see user-based access. I would like to be able to create user-based policies so that the user can be placed in the correct AD group and get access easily.
I don't see any other improvements required with regards to the use cases that we have. I think they are good for now. I have no complaints. It would be nice to have some sort of a form factor, a physical form factor perhaps, or virtual machine that you could install on devices or on a cloud, and have some cloud computing. That provides the segmentation capabilities within the environment itself, instead of going all the way to Zscaler cloud and then coming back and get all the inspection capabilities. That's definitely one thing that I would want Zscaler to explore. That would serve 100% of use cases that I look for as an architect.
Implementation Engineer at a tech vendor with 201-500 employees
Real User
Nov 24, 2021
There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically.
IT Security Manager at a retailer with 10,001+ employees
Real User
Aug 10, 2021
It would be better if they improved their policy, package visibility, and flexibility while we're creating rules for inspection. It could also be cheaper or more things could be included in the basic package. In the next release, I would like better coverage in the Asia Pacific region and better quality of service.
Chief Executive Officer at a tech services company with 1-10 employees
Consultant
Feb 22, 2021
The product could improve its integration with some legacy systems. The solution could offer more simplicity on deployment so that it's not quite so complex sometimes. The solution could benefit from more CASBs - cloud access security brokers.
Director at a tech services company with 1-10 employees
Reseller
Aug 2, 2020
Currently, the Data Leak Prevention is only for web filtering and there is nothing for email and the USB, so it would be an improvement if that could be included.
The only thing that might be improved would be to enable application of different settings. It's really the difference between having it on premises or on cloud. If you have a next gen firewall from Palo Alto which is the best on-premise solution, then you might be able to configure some things a little more. It's possible that with Zscaler, the customization of some options could be improved a little to match what is available on-premise but because it's on cloud, it doesn't allow application of extra settings.
We've had some concerns with Zscaler, but a new version is coming out that we hope will address them. This is scheduled to be released in March 2020. They've probably done some gap analysis and will be introducing more versatile features according to customer requests. The issue right now is probably that Zscaler is not providing web browser isolation. Another solution, Menlo, offers this. For one customer, we had to send traffic to Menlo to do the isolation for us. It was requested by the customer so that they could integrate any iframe. Zscaler needs to add this type of feature in their next release.
Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are...
In terms of improvements for Zscaler Cloud Firewall, I think every product has needed enhancements over time, and current functions continuously evolve. I believe the integration of AI could improve the dashboard by making it more agile and effective in monitoring and predicting threats. AI has the potential to help manage the rapidly changing landscape of technology and threats, which is becoming more complex every day. The more AI can be introduced, the better it can serve in monitoring.
There are several areas for improvement. Firstly, the GUI is outdated, with noticeable lags and delays, especially when generating reports for past transactions. Additionally, the reverse proxy feature for Data Loss Prevention (DLP) is missing, and some features found in competitors like Netskope and Palo Alto are absent in Zscaler Cloud Firewall.
I'm trying to test Twingate since it will remove all these kinds of VPNs. This is the best solution, actually. For the moment, this is what I'm looking for. If there is a solution that can enable me to have a dashboard for the devices deployed using Twingate, I would appreciate it. For now, there is no dashboard or network management system available for Twingate. I need to access their website and do the operation side by side. I don't have the visibility of a control dashboard or a network management system. This is a missing point, actually. If there is a solution that could manage this, Twingate would be the best.
Apart from the issues associated with the product in areas like the DC performance issues and DC failover, Zscaler Cloud Firewall's IP should not have a proxy IP.
Pricing is a challenge. Organizations with more than 1000 users get a better price. Below 1000 users, we do not get good prices. The competitors leverage their prices to attract customers.
When it comes to customer support, there is room for improvement in Zscaler's service. While it's not the worst, it could be more client-centric. One significant area that needs attention is the geographical coverage of its data centers. Although they have prominent data centers worldwide, they are not evenly distributed, particularly in remote locations. For global multinationals, expanding data center coverage is essential to reduce latency and provide better service. Improved reporting features that automatically adjust to the user's location and offer more granular insights into non-business traffic usage would be beneficial for organizations looking to manage their network effectively.
Zscaler has a marketing strategy where they provide certain product lines with similar products within it. However, they do not provide a few components that are fundamental to differentiate the said products. It is their way of doing business.
The solution's deployment process and technical support services could be better. Also, it could have more functionalities similar to other legacy firewall applications.
We are having some issues with internet access being denied when organizational ID-based policies change. For example, a lower level employee ends up getting the same level of access as that of a higher level employee. What happens is that the organization ID does not match the one we allowed in Zscaler. As a result, we have to allow each organization ID one at a time in the Zscaler Portal. There are also problems with the mapping of the geographic location of an IP address. For example, the IP address might be in India, but the geographical location may be mapped to a US location. In the next release, I would like to see user-based access. I would like to be able to create user-based policies so that the user can be placed in the correct AD group and get access easily.
I don't see any other improvements required with regards to the use cases that we have. I think they are good for now. I have no complaints. It would be nice to have some sort of a form factor, a physical form factor perhaps, or virtual machine that you could install on devices or on a cloud, and have some cloud computing. That provides the segmentation capabilities within the environment itself, instead of going all the way to Zscaler cloud and then coming back and get all the inspection capabilities. That's definitely one thing that I would want Zscaler to explore. That would serve 100% of use cases that I look for as an architect.
There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically.
It would be better if they improved their policy, package visibility, and flexibility while we're creating rules for inspection. It could also be cheaper or more things could be included in the basic package. In the next release, I would like better coverage in the Asia Pacific region and better quality of service.
The product could improve its integration with some legacy systems. The solution could offer more simplicity on deployment so that it's not quite so complex sometimes. The solution could benefit from more CASBs - cloud access security brokers.
Currently, the Data Leak Prevention is only for web filtering and there is nothing for email and the USB, so it would be an improvement if that could be included.
The only thing that might be improved would be to enable application of different settings. It's really the difference between having it on premises or on cloud. If you have a next gen firewall from Palo Alto which is the best on-premise solution, then you might be able to configure some things a little more. It's possible that with Zscaler, the customization of some options could be improved a little to match what is available on-premise but because it's on cloud, it doesn't allow application of extra settings.
We've had some concerns with Zscaler, but a new version is coming out that we hope will address them. This is scheduled to be released in March 2020. They've probably done some gap analysis and will be introducing more versatile features according to customer requests. The issue right now is probably that Zscaler is not providing web browser isolation. Another solution, Menlo, offers this. For one customer, we had to send traffic to Menlo to do the isolation for us. It was requested by the customer so that they could integrate any iframe. Zscaler needs to add this type of feature in their next release.