Please, send us your questions to

1. Why the Cloud Security Connector?

In order to achieve a perfect configuration to Zscaler Cloud Services you need a device that is:

  • Stateful Firewall to protect from external attacks.
  • Load Balancer for proper selection of Zscaler nodes and tracking connections for ZEN node redundancy.
  • able to do Layer 7 keepalives to check that Zscaler services are working properly.
  • able to provide Local redundancy (Clustering).
  • a Router.
  • able to do GRE tunnels.

Current legacy market solutions can provide some of this functionalities but not all at the same time and properly tuned for Zscaler.

2. Will the CSC suffer performance issues with the time like Firewalls or UTMs?

No. The CSC is not scanning traffic at all that can affect the performance with the time. The CSC is only re-writing IP packets and encapsulating the packets on GRE tunnels. 

3. Can I pass all ports and protocols over the CSC or just HTTP and HTTPS?

Yes, you can pass all ports and protocols. 

4. Can I replace my UTM at a branch with the Cloud Security Connector?

Yes (if only outbound connections are in use). Zscaler provides Cloud (L4) Firewall with all packages and Next Gen Firewall as Add On. With CSC plus Zscaler Cloud Firewall you will be able to protect your branch and to manage all your FW policies from the Zscaler GUI.
More info at:

5. How to configure the CSC?

The CSC comes with all configuration requirements. You only need to fill a web form with your IP address information and after 24 hs you will receive an OVA file with the perfect configuration for Zscaler.

6. Why I cannot configure the CSC?

The CSC is a product + configuration. We consider that the era of product + training + manuals + certification + something else is over. Customers needs solutions and not extra work (and potential problems). Even when to do a couple of GRE tunnels looks simple, to achieve the perfect configuration requires a lot of tuning on different technologies that are interacting like: Routing, Firewall, Load Balancing, Clustering, etc; and Quality & Assurance tests.

A router Cisco, that cannot do all the tasks that the CSC does, requires about 60 commands to write and 120 parameters to insert. This is insane and prone to mistakes. (if you have time to waste, you can count the commands and parameters on this example:

7. Can I place the CSC behind a Firewall?

Yes, you can. You only need to do some NAT rules. Please, refer to the Administration Guide for details