Comprehensive Guide to Zscaler's Zero Trust SD-WAN Offerings
Product Overview
Zscaler Zero Trust SD-WAN provides secure, cloud-enabled networking solutions designed to optimize performance while maintaining a zero-trust security posture. This approach eliminates lateral threat movement and reduces ransomware risk by ensuring direct, secure access to applications without extending the network's attack surface.
SecureDynamics' Perspective: Zero Trust SD-WAN Transforming the SD-WAN Market
SecureDynamics believes that the advent of Zero Trust SD-WAN is set to revolutionize the traditional SD-WAN market. By shifting the focus from routing traffic between sites to seamlessly connecting users directly to their applications and interlinking workloads through the Zero Trust Exchange, organizations can achieve enhanced security and efficiency. This paradigm shift eliminates the need for traditional network-based trust models, thereby reducing potential attack surfaces and simplifying network architectures.
Jay Chaudhry, CEO of Zscaler, has emphasized that traditional SD-WAN approaches are contrary to zero trust principles, as they often allow broad network access once a user is connected. He asserts that zero trust should only permit connections to specific applications, aligning with the principle of least privilege.
In line with this perspective, SecureDynamics advocates for a transition towards Zero Trust SD-WAN architectures. This approach not only enhances security by enforcing strict access controls but also streamlines network management by focusing on application-level connectivity rather than complex network routing. As organizations recognize these benefits, SecureDynamics anticipates a significant shift in the SD-WAN market towards zero trust models, fundamentally altering how enterprises design and secure their networks.
Zero Trust SD-WAN SKUs
Zero Trust SD-WAN: Advanced
SKU: ZT-SDWAN-ADV
- Pricing Meter: Per-Site Per-Year
- Description: A virtual appliance supporting up to 50 non-OT devices per site with 100GB of monthly traffic. It offers visibility, connectivity to Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA), gateway features (WAN, LAN, DNS, DHCP), and path selection. This solution simplifies branch connectivity by eliminating the need for traditional VPNs and complex routing, thereby reducing infrastructure costs and enhancing application performance.
- Other SKUs Required:
- ZT-SDWAN-400 (1 per site)
- ZT-SDWAN-600 (1 per site)
- ZT-SDWAN-800 (1 per site)
- Prerequisites: ZS-ESSENTIALS or ZS-PLATFORM, Minimum 500 users on Platform.
Zero Trust SD-WAN: Advanced Plus
SKU: ZT-SDWAN-ADV-PLUS-UPGRADE- Pricing Meter: Per-Site Per-Year
- Description: An upgrade from ZT SD-WAN Advanced, this offering includes IoT/OT classification, tagging, IoT policy control, and advanced firewall features (IPS/IDS). It enhances security by providing deeper visibility into IoT devices and implementing zero trust policies for both IoT and OT environments.
- Prerequisites: ZS-ESSENTIALS or ZS-PLATFORM, Minimum 500 users on Platform.
Zero Trust SD-WAN Appliances
These appliances facilitate zero-touch provisioning and automated deployment (a favorite feature here at SecureDynamics), simplifying branch operations and enhancing network security by eliminating lateral threat movement.
| Product | SKU | Pricing Meter | Throughput | Devices Per Site | Monthly Data Txfr | Prereq. | Min Qty |
| ZT 400 | ZT-SDWAN-400 | Per Box Per Year | Up to 200 Mbps | 50 (IoT/OT) | 100GB | ZS-ESSENTIALS or ZS-PLATFORM | 5 units across all |
| ZT 600 | ZT-SDWAN-600 | Per Box Per Year | Up to 500 Mbps | 100 (IoT/OT) | 200GB | ZS-ESSENTIALS or ZS-PLATFORM | 5 units across all |
| ZT 800 | ZT-SDWAN-800 | Per Box Per Year | Up to 1 Gbps | 200 (IoT/OT) | 400GB | ZS-ESSENTIALS or ZS-PLATFORM | 5 units across all |
Zero Trust SD-WAN High Availability (HA) Appliances
These HA appliances ensure service continuity with automatic failover and N+2 redundancy, maintaining seamless operations even during hardware failures.
| Product | SKU | Pricing Meter | Notes |
| ZT 400 HA | ZT-SDWAN-400-HA | Per Box Per Year | Must be ordered with ZT-SDWAN-400; Quantity cannot exceed ZT-SDWAN-400 count. |
| ZT 600 HA | ZT-SDWAN-600-HA | Per Box Per Year | Must be ordered with ZT-SDWAN-600; Quantity cannot exceed ZT-SDWAN-600 count. |
| ZT 800 HA | ZT-SDWAN-800-HA | Per Box Per Year | Must be ordered with ZT-SDWAN-800; Quantity cannot exceed ZT-SDWAN-800 count. |
Additional Capacity Options
These options allow organizations to scale their SD-WAN capabilities in alignment with evolving network demands, ensuring consistent performance and security.
| Product | SKU | Pricing Meter | Notes |
| Additional Devices | ZT-SDWAN-DEV | Per Device Per Year | Supports up to 2GB additional per device; requires ZT-SDWAN-ADV or ZT-SDWAN-ADV-PLUS. |
| Additional Data | ZT-SDWAN-GB | Per GB of Monthly Traffic Per Year | Requires ZT-SDWAN-ADV or ZT-SDWAN-ADV-PLUS; minimum 100GB per site. |
Ordering Considerations
- ZT-SDWAN-ADV and ZT-SDWAN-ADV-PLUS require a minimum of 500 users on ZS-PLATFORM or ZS-ESSENTIALS.
- ZT-SDWAN-400, ZT-SDWAN-600, and ZT-SDWAN-800 require a minimum of 5 units across all appliance models.
- HA appliances (ZT-SDWAN-400-HA, ZT-SDWAN-600-HA, ZT-SDWAN-800-HA) must be purchased in a quantity equal to or less than the primary appliances.
- Additional device and data subscriptions are available if the base limits are exceeded.
- Check with Zscaler or SecureDynamics for which SFP ports to use with the ZT-SDWAN-800 appliances.
For more details, contact SecureDynamics for assistance with Zscaler licensing, implementation, and managed services.
Note: Requirements are subject to change. Always validate with SecureDynamics or Zscaler's latest documentation.*