u/Great-Tomatillo-8267

▲ 9 r/Zscaler+1 crossposts

Can Zscaler replace a physical firewall (IPSec VPN, NAT, VLANs)?

Hey all,

I know this has been discussed before, but curious if anything has improved on the Zscaler side and if anyone is running this in production today.

We are exploring whether Zscaler (ZIA/ZPA) can replace our physical firewall.

Our requirements:

  • A few IPSec VPN tunnels with contractors
  • NAT (inbound/outbound)
  • VLAN segmentation internally
  • General firewalling

Goal is to eliminate the on-prem firewall if possible.

I understand Zscaler is more cloud proxy / zero trust, so not sure if it can fully cover traditional firewall roles.

Questions:

  • Can it realistically replace a firewall in this setup?
  • How are you handling IPSec, NAT, and VLANs?
  • Are you still running a firewall alongside it?

Appreciate any real-world feedback :)
