That’s one option that uses a Connector to apply some inspection rules. I was referring to Configuring Forwarding Policy | Zscaler
Your experience on the portal and install process are yours and can’t really be disputed but your other points are incorrect. Cloud Identity Engine is free and there are multiple ways of achieving redundancy that don’t involve a Palo or an additional SC.
I’d question whether this is really noticeable real world. But even if it is, the trade off being no traffic inspection is pretty bad. And I would imagine routing ZPA via ZIA would remove these performance benefits.
You’re full of crap dude. Cloud identity engine was 100% a line item on my quote. Maybe it’s free now which it should be. I don’t use it anymore. Like I said. And maybe there are multiple ways for redundancy on YOUR network. But certainly not the company I was working for at the time.
It’s interesting. Some clients care about inspecting internal applications. Others don’t as they say they have their own protections built into those applications. I think this networking sub is a little skewed to those that are used to ‘scanning’ everything even if they basically can only see network headers.
Some scenarios see significant performance improvements. I know of a situation where the customer threw out the entire Palo stack for Zscaler because of the difference in performance. But that’s going to be application and environment dependent.
I’ve been a customer for almost 3 years and it’s been free the whole time. It even says it in their documentation. Manage: Cloud Identity Engine
It sounds like you may have had an implementation partner that didn’t quite know what they were doing. Doesn’t matter now as it sounds like you’ve found something that works with twingate. I haven’t heard of them but will check them out.
Very true. Palo has recently added a ‘connector’ style option that seems similar to what Zscaler does but with traffic inspection. Keen to try it out to see if it makes any difference.
And I went back and found that old quote. You are correct, I was not charged for CIE. So I apologize for saying you’re full of crap.
It was like it was his 2nd month on the job.
It’s Twingate not tripwire. Check it out. It’s pretty cool. It doesn’t work like anything out there that Ive seen.