What is Netskope's Cloud Firewall?

Netskope has recently announced updates and enhancements to its SASE portfolio, including its new Netskope Cloud Firewall. In this blog post, we break down Netskope’s Cloud Firewall and how it could benefit your organisation, and look at some of the other exciting updates from Netskope.


The Netskope Cloud Firewall (CFW) is a firewall-as-a-service offering that helps reduce complexity, lower overall operational expenses, prevent a degraded user experience, and accelerate time-to-value for organisations transforming their security and networking to meet the demands of branch offices and a remote-first workforce.


Netskope Cloud Firewall is fully integrated into the Netskope Security Cloud and offers:

  • Network security for all outbound ports and protocols for safe, direct-to-internet access using the Netskope client on managed devices or via GRE and IPSec tunnels for offices.

  • 5-tuple policy controls, user and group IDs, FQDNs, and wildcards for egress firewall settings, plus seamless FTP ALG support, and full logging (TCP, UDP, ICMP) with event export.

  • Centralized access control, providing simplified management for users and branch offices using one console, one policy engine, and one security platform.

  • Netskope Security Cloud integrates CFW with SWG, CASB, and ZTNA solutions for users and offices, to provide protection to all ports and protocols.

CFW is not only a new cloud-native service unified into the Netskope platform under the same console; it also uses the same Netskope client footprint that is used for CASB, SWG and ZTNA on managed devices, and the same branch office steering options used by CASB and SWG.




What are the key benefits?


Firewall Policy Controls - Include 5-tuple (source / destination address and port, protocol), user-IDs and group-IDs, FQDNs and wildcards for egress firewall policy settings.


FTP Application Layer Gateway - Enables seamless use of FTP through cloud edge network address translation services.


Firewall Event Logging - Full logging of all desired CFW events (TCP, UDP, ICMP), available for export or as part of Netskope Advanced Analytics.


Integrated SASE Architecture - CFW, SWG, CASB, ZTNA, RBI and Advanced Analytics with one platform, one console, one policy engine, and one client to enable consolidation and less complexity.


Lower Cost of Operations - Reduce appliance expenses and maintenance, dependency on endpoint firewalls, and administration efforts with multiple consoles.


What other updates did Netskope announce?


Netskope also announced SaaS Security Posture Management (SSPM), a new service that gives organisations insight into the security posture of their SaaS applications.


According to Gartner, SSPM is defined as “tools that continuously assess the security risk and manage the security posture of SaaS applications. Core capabilities include reporting native SaaS security settings' configuration and offering suggestions for improved configuration to reduce risk.”


Some of the benefits of SSPM include:

  • Detect potentially risky settings, misconfiguration, configuration drift, and behavior by comparing against predefined best practice rules and industry standards like CIS, NIST, HIPAA, PCI, CSA, etc.

  • Write custom rules and define custom profiles to fit your organisation’s specific needs.

  • Use Netskope SSPM workflows and recommendations for guided remediation to resolve security risks.

  • Monitor settings across SaaS apps with unified visibility.

  • Prevent disruption to business workflow with API-enabled protection and continuous monitoring.

Interested in seeing Netskope’s latest enhancements in action?


Book a Netskope demo with us now.

