Allowing Network Subnets or Ports in Zscaler Firewall Control

Overview

Zscaler firewall policies allow administrators to control network traffic by specifying rules based on subnets, ports, and protocols. This guide provides step-by-step instructions for creating firewall rules to allow specific network subnets or ports in Zscaler.

Prerequisites

  • Administrative access to the Zscaler portal.
  • A clear understanding of the network subnets and ports that need to be allowed.

Steps to Allow Subnets

  1. Log in to Zscaler Admin Portal
    • Navigate to Zscaler Admin Portal.
    • Enter your credentials and log in.
  2. Navigate to Firewall Control
    • Go to Policy > Firewall Control in the left-hand menu.
  3. Create a New Rule
    • Click the Add Rule button.
    • Provide a descriptive name for the rule (e.g., "Allow Subnet 192.168.1.0/24").
  4. Define Rule Criteria
    • Under Source Criteria, specify the source subnet by entering the IP address range in CIDR format (e.g., 192.168.1.0/24).
    • Under Destination Criteria, define any specific destination subnets if needed, or leave as "Any" to apply to all destinations.
  5. Set Protocol and Action
    • Choose the protocol (e.g., TCP, UDP, ICMP) from the Protocol dropdown.
    • Set Action to "Allow."
  6. Set Rule Priority
    • Arrange the rule in the appropriate order within the policy table. Rules are evaluated from the top down, so higher priority rules are evaluated first and the first rule that matches the traffic determines the action; a broad rule placed above a narrower one will shadow it.
  7. Save and Apply
    • Click Save and ensure the policy changes are deployed by selecting Activate.

Steps to Allow Ports

  1. Log in to Zscaler Admin Portal
    • Follow the login instructions above.
  2. Navigate to Firewall Control
    • As described above, access the Firewall Control section.
  3. Create a New Rule
    • Click the Add Rule button and name it descriptively (e.g., "Allow Port 8080").
  4. Define Rule Criteria
    • Specify the source IP or subnet under Source Criteria.
    • Under Destination Criteria, enter the destination IP or subnet if applicable, or leave as "Any."
  5. Define Ports and Protocols
    • Select the appropriate Protocol (e.g., TCP, UDP).
    • Enter the port or range of ports (e.g., 8080 or 8000-8080) under Destination Ports.
  6. Set Action and Priority
    • Set Action to "Allow."
    • Position the rule in the correct priority order.
  7. Save and Apply
    • Save the rule and activate the changes.

Best Practices

  • Regularly review and update firewall rules to ensure they meet current security and business requirements.
  • Avoid overly permissive rules, such as allowing all subnets or ports, unless absolutely necessary.
  • Use descriptive names for rules to simplify management and troubleshooting.
  • Monitor logs to verify that the rules are functioning as intended.
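Taken together, the two procedures above describe a rule with source and destination criteria, a protocol, destination ports, an action, and a position in an ordered table. The Python model below is an added illustration, not code from Zscaler or from this guide: it evaluates a constructed rule table the way such a table is walked (first matching rule wins, so rule order decides when two rules overlap) and flags the "allow all subnets or ports" rules the best practices warn against. The rule names, addresses, ports and the trailing default action are assumptions made for the example; in a real tenant the default rule at the bottom of the policy determines what happens to unmatched traffic.

```python
# Added example (not Zscaler's code): an ordered firewall rule table with
# CIDR, protocol and destination-port criteria, first-match evaluation, and
# a check for overly permissive Allow rules. All rules and flows below are
# constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    source: str          # CIDR such as "192.168.1.0/24", or "Any"
    destination: str     # CIDR or "Any"
    protocol: str        # "TCP", "UDP", "ICMP" or "Any"
    dest_ports: str      # "8080", "8000-8080", or "Any" (ignored for ICMP)
    action: str          # "Allow" or "Block"


def _net_matches(criterion: str, addr: str) -> bool:
    """True if addr falls inside the CIDR criterion, or the criterion is Any."""
    if criterion == "Any":
        return True
    return ip_address(addr) in ip_network(criterion, strict=False)


def _port_matches(criterion: str, port: Optional[int]) -> bool:
    """Match a single port ("8080") or an inclusive range ("8000-8080")."""
    if criterion == "Any":
        return True
    if port is None:  # a flow without ports (e.g. ICMP) cannot match a port criterion
        return False
    low, _, high = criterion.partition("-")
    lo = int(low)
    hi = int(high) if high else lo
    if lo > hi:
        raise ValueError(f"invalid port range: {criterion}")
    return lo <= port <= hi


def rule_matches(rule: Rule, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
    """All criteria of a rule must hold for the flow; ICMP rules ignore ports."""
    return (
        _net_matches(rule.source, src)
        and _net_matches(rule.destination, dst)
        and (rule.protocol == "Any" or rule.protocol == proto)
        and (rule.protocol == "ICMP" or _port_matches(rule.dest_ports, dport))
    )


def evaluate(rules: List[Rule], src: str, dst: str, proto: str,
             dport: Optional[int] = None, default: str = "Block") -> Tuple[str, str]:
    """Walk the table in priority order; the first matching rule decides.

    Returns (action, rule_name). The trailing default is an assumption of this
    model; the tenant's own default rule governs unmatched traffic in practice.
    """
    for rule in rules:
        if rule_matches(rule, src, dst, proto, dport):
            return rule.action, rule.name
    return default, "<default>"


def overly_permissive(rules: List[Rule]) -> List[str]:
    """Names of Allow rules whose source, destination and ports are all Any."""
    return [r.name for r in rules
            if r.action == "Allow" and r.source == "Any"
            and r.destination == "Any" and r.dest_ports == "Any"]


# Constructed rule table, listed in priority order (top is evaluated first).
RULES = [
    Rule("Allow Subnet 192.168.1.0/24", "192.168.1.0/24", "Any", "Any", "Any", "Allow"),
    Rule("Allow Port 8080", "10.0.0.0/8", "Any", "TCP", "8080", "Allow"),
    Rule("Block 10.0.0.0/8 to DMZ", "10.0.0.0/8", "172.16.0.0/16", "Any", "Any", "Block"),
]


if __name__ == "__main__":
    # The same flow is allowed or blocked purely depending on rule order.
    print(evaluate(RULES, "10.0.0.5", "172.16.5.1", "TCP", 8080))
    print(evaluate([RULES[2], RULES[1]], "10.0.0.5", "172.16.5.1", "TCP", 8080))
    print(overly_permissive(RULES + [Rule("Allow all", "Any", "Any", "Any", "Any", "Allow")]))
```

Running the block prints the decision for a 10.0.0.5 to 172.16.5.1 TCP/8080 flow twice: once with the port rule above the block rule (allowed) and once with the order reversed (blocked). That is the practical meaning of the "Set Rule Priority" step, and the `overly_permissive` check is the kind of review the best practices call for before a broad rule is activated.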