Zscaler Cloud Firewall uses deep packet inspection to identify applications and protocols even when they attempt to use non-standard ports. This prevents evasive applications from bypassing policy simply by changing ports or disguising traffic. DPI then sends traffic to the appropriate enforcement engines. Option A (The Cloud Firewall includes Deep Packet Inspection, which detects protocol evasions and sends the traffic to the respective engines for inspection and handling) is correct because DPI is the mechanism that detects protocol evasion.
Why the other options are incorrect:
B. Zscaler Client Connector will prevent evasion on the endpoint in conjunction with the endpoint operating system’s firewall: Zscaler Client Connector is the endpoint agent that steers traffic, authenticates users, reports posture, and supplies ZDX telemetry.
C. As traffic usually is forwarded from an on-premise firewall, this firewall will handle any evasion and will make sure that the protocols are corrected: Relying on an on-premises firewall leaves evasive traffic outside Zscaler’s cloud inspection decision. Zscaler Cloud Firewall uses DPI to identify protocol evasions itself.
D. The Cloud Firewall includes an IPS engine, which will detect the evasion techniques and will just block the transactions as it is invalid: IPS inspects traffic inline for exploit signatures and attack patterns, then blocks or resets offending sessions.