The Zscaler Cloud Firewall is built upon a proxy-based architecture that performs Deep Packet Inspection (DPI) on all traffic, regardless of the port used. This core capability allows the firewall to identify the true protocol and application of a data stream, even if it attempts to use a non-standard port to evade detection. Once the application is correctly identified through DPI, the traffic is passed to the relevant policy and threat inspection engines within the Zscaler Zero Trust Exchange. This ensures that security policies are applied accurately based on the application's identity, not just its port, effectively neutralizing evasion techniques.

B. Zscaler Client Connector's primary function is to securely forward traffic to the Zscaler cloud for inspection, not to perform local evasion detection.

C. The Zscaler service is designed to inspect traffic directly in the cloud, often replacing or augmenting on-premise firewalls, not relying on them for evasion detection.

D. While the Intrusion Prevention System (IPS) is a component, DPI is the foundational technology for identifying the protocol. The action is policy-driven, not limited to just blocking.

1. Zscaler. (n.d.). Cloud Firewall [Data Sheet]. Retrieved from Zscaler resources. In the "Key Features" section

it states

"Full DPI for all ports and protocols. Zscaler identifies applications and protocols regardless of the port they use

preventing unauthorized applications and protocol tunneling."

2. Zscaler Help Portal. (2024). About Firewall Control. "The Zscaler service provides full deep packet inspection (DPI)

allowing you to control and protect your traffic. You can create policies to control network applications..." This confirms that DPI is the mechanism used to identify applications for policy control.

3. Zscaler Help Portal. (2024). Understanding the Zscaler Architecture. "The Zscaler patented proxy architecture provides full inline inspection of all your user traffic... The single-scan multi-action (SSMA) technology inspects all traffic in a single pass." This document describes the core inspection engine that enables DPI across all traffic.