Cloudflare's Zero Trust Network Access (ZTNA) technologies create secure boundaries around applications. When resources are protected with ZTNA, users are only allowed to access resources after verifying the identity, context, and policy adherence of each specific request. Cloudflare's Zero-Trust-as-a-Service model enables users to deploy access controls on the company's instant-on cloud platform, backed by Cloudflare's global network.
N/A
Zscaler Private Access
Score 7.9 out of 10
N/A
Zscaler Private Access™ (ZPA) gives users secure access to private apps and OT devices while enabling zero trust connectivity for workloads.
As long as all Cloudflare products and services rely on anycast technology, in a complex approach Cloudflare is faster and more relevant for cloud applications. The balance between security and performance is fully established. Also, Cloudflare has quite a good stack for API …
Cloudflare Gateway does not require local resources and hardware to implement, is very simple and efficient, easy to use, and has clear analytics. It is backed by a very fast DNS resolver in the market.
Ivanti had its moment. However moving to Zscaler Private Access was the best decision for us. Zscaler Private Access is faster, smoother UI and has heaps of feature that, in my opinion, makes it tower over Ivanti. The authenticate early option, ensures we don't loose connection …
All of these tools are for different needs. Zscaler Private Access being for internal seems very simple as it really only allows filtering up to L4 whereas ZIA allows for filtering up to L7. ZDX often tries to give insight into the environment but since it only works with …
Zscaler Private Access was chosen
as trusted VPN system versus Cisco, due to better licensing model, more
flexible configuration of the security protocols, verification scenarios. Also it
We had a nightmare experience with Prisma Access. The tool was not the most intuitive, and their peripherals to make it more secure were not efficient. Their integration with other tools to provide MFA was mediocre at best. That is the main reason we decided to explore …
Well ZPA is a good solution, however everyone has their own advantage and disadvantages, with ZPA you can deploy ZTNA model, which will help you better control on access, however Palo Alto, Fortinet they are also market leading firewall solution, and you can not deny if they …
We originally used Cisco AnyConnect but when the pandemic hit and everyone started working remotely the Cisco VPN just couldn't handle the massive increase in users. The connection was unreliable both inability to connect and stay connected. It also seemed to include a lot more …
I wanted to securely connect to my servers without getting tracked by malicious attackers, even though I was on public Wi-Fi. Security was my top priority, and I also wanted a setup that was easy and quick to start and provided great network performance. Cloudflare's Zero trust matches my criteria for becoming my first choice.
The tool is, for the most part, very intuitive. Most of our issues so far (working through them with our Resident Engineer) are the one-off applications. We are working on some exemptions to make them functional. Besides that, the team loves the tool and how it can provide better security than our previous tool.
Cloudflare picks the nearest device location to route the traffic, but It would be great if we could select any particular location.
Cloudflare enables monitoring for all the connected clients; it would be great if we could monitor any individual client device while keeping some client devices private.
Sometimes, its DNS is not able to resolve a few project websites; we have to manually purge the cache and even disable the Security to get the work done. So, it would be better if we could manually provide a DNS list or whitelist some websites.
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
Within a few hours, new engineers are trained in basic tasks and are quite happy they are able to resolve issues independently. After SSO is configured, onboarding is as simple as signing into m365 via a web browser popup.
Few things stand out. The ease of access: It very convenient - one click to open add details and done. Packet capture: Can't talk enough about this feature. Troubleshooting private access is always problematic,but this feature helped a lot. One thing that can be improved is early warning about expiring authentication
As long as all Cloudflare products and services rely on anycast technology, in a complex approach Cloudflare is faster and more relevant for cloud applications. The balance between security and performance is fully established. Also, Cloudflare has quite a good stack for API connection protection, like the API Shield example, which makes it more effective compared to F5 for example. Warp as a ZTNA agent gives better visibility and device posture information than FortiClient does.
All of these tools are for different needs. Zscaler Private Access being for internal seems very simple as it really only allows filtering up to L4 whereas ZIA allows for filtering up to L7. ZDX often tries to give insight into the environment but since it only works with preconfigured items, that then means when a new problem shows up - ZDX isn't helpful troubleshooting postmortem. For the internal side of the house - Zscaler Private Access' strength is its simplicity to configure.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.