How to use Zscaler firewall and cloud policy

Posted by

Mobile and Firewall Policy Areas in Zscaler

We can discuss Zscaler firewall and mobile policy – The Firewall policy area allows the configuration of Access Control policies for the Zscaler Basic and Advanced Cloud
Firewall capability.

There are two types of Subscription available in Zscaler below-

Basic Cloud Firewall subscription, – you can only create Firewall rules using the 5 well-known tuples:
source and destination IP addresses; source and destination ports; and protocol

Advanced Cloud Firewall – make use of the Zscaler default Network Services, and Network
Application definitions, or create your own custom services

If want to enable cloud firewall into exiting location use below steps-

enable the Cloud Firewall for an existing location. From the Administration menu, click Locations

Edit icon for the location where you want to enable the Cloud Firewall —

enfore firewall under location save configuration-

And active rule-

If want to manage policy and create go into Cloud Application Control and URL Filtering
policies. but But before we do that, let’s look at the various ways Zscaler classifies traffic for the firewall; Network Services, and Network applications. From the Administration menu

above list of default port provided by Zscaler and here you can to create a custom service as well.

Add same service types under network service group, click the Add Network
Service Group link.

We can use Network Application that identified by Zscaler cloud , this is not working on port or protocol-

Below list of Network application by default-

There are some default application group for Microsoft Office365 applications

Now Configure firewall —

Go into firewall Control

Bydefault there are two rule see- we can change this default rule allow to block for recommended by Zscaler also before block all traffic , you must allow some services like HTTP, https, DNS,SSL above.

when we create new rule we can see below options , please note rule order must define proper because here rule work like top to bottom.

labelled WHO, WHERE, & WHEN, defines to whom the rule will apply. As with Cloud Application and URL
Filtering rules, the User, Group, and Department fields all use a logical OR function; while the Where and Time fields use a logical AND. This rule will apply to the entire organization, so we don’t need to change any criteria here

We use service , source IP and destination , based on requirement.

When we click on Action there are 4 options shows like allow, block/drop, icmp block, use these options based on your requirements.

Enable FTP control –

By default, the Zscaler service does not allow users from a location to upload or download files from FTP sites. You have the option here to enable FTP over HTTP

You also have options for managing the specific sites available to your end users with the native FTP protocol

Alternatively, you can permit native FTP to any URL Category

[the-post-grid id=”9538″ title=””]

Visit Our Store and Buy All document (F5, Zscaler, ASA, Paloalto, Checkpoint,Forescout, Cisco ISE etc) only in  1600RS, click here on store - Store

X
error: Content is protected !!