Most people use Zscaler SASE as a replacement for VPNs. You know, with a VPN, once you establish connectivity to the network, you have unrestricted access. But with Zscaler SASE, you have strict access control. You don't get any access unless you adhere to the policies set in Zscaler. 

So, you can control who has access to specific applications at a URL level rather than granting access at the physical IP level. That's what most people appreciate about it. IPs provide access to everything on the machine, whereas Zscaler SASE provides access to specific services within the network. 

The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O. By using Zscaler SASE for home access or access in remote areas, it bypasses the issues introduced by ISPs. 

Sometimes ISPs block certain protocols or applications, but when everything is encapsulated within the Zscaler Cloud, the ISPs don't get a chance to interfere or block. This is especially helpful when it comes to file sharing. Sometimes ISPs block it, so we can't share files using cloud services remotely. Zscaler SASE gives non on-premise users the ability to securely access and sync with on-premise resources.

The area that requires improvement is their support. The current support is lacking. 

Other than that, once you have the right people on the phone, the product performs as advertised. However, multiple clients have complained about the support. 

I have been working with Zscaler SASE for two years. 

When it comes to stability, it's similar to any outsourced service. There will always be some outages because of the global nature of the network and the involvement of various cloud providers. There are many moving parts. I don't anticipate more frequent outages, but it's important to acknowledge that Zscaler is not flawless.

I haven't encountered any clients who have had problems with scalability or performance issues. There were a couple of outages less than six months ago, but that's to be expected. Every service experiences occasional outages. It's like having allergies; every product at a global scale will have such issues. 

I have heard a lot of complaints from my clients about the support. Even VMware's support has declined since it got acquired by Broadcom. 

So, we're not receiving the kind of support we used to get, like from Cisco. It's more akin to Microsoft and internal support.

Neutral

The initial setup does take some time to get used to. Zscaler does a good job with its specialized services in setting up and installing the product. 

Once you start using the product, any issues that arise are generally handled well. The support is not as terrible as it may seem at first. While there may be instances where one technician transfers the case to another technician, it doesn't mean starting the entire process from scratch.

However, most people are deploying it on AWS or Azure. I have some clients who still prefer on-premises deployment. It depends on their specific requirements.

The pricing is quite high, especially when it comes to the gateway. It costs around $10,000 per gateway per data center, which can be seen as ridiculous. Other cloud-based solutions charge based on the number of clients without the need for a gateway for each data center. 

This pricing approach doesn't sit well with my clients anymore. When Zscaler SASE had a monopoly in the market, it could get away with it, but now there are alternatives cutting into its market share.

I would rate Zscaler's pricing model as an eight out of ten, with one being cheap and ten being expensive. 

There are other solutions like VMware that also have high costs, but Zscaler SASE stands out because of the expensive gateway for each data center. It's not a cheap implementation. 

Every time you set up an Azure data center, you have to spend another $10,000 to $15,000 on a gateway. It adds up quickly. Creating a VPN between data centers might be an alternative, but it introduces a single point of failure. So, that pricing policy alone makes it very expensive.

It's a great product. My advice for those considering using it is to understand the concept of zero access. It's different from just having VPN access. If someone can perform a DNS lookup, they still have access. 

People are often stuck in a VPN-centric mindset. It requires a paradigm shift, similar to transitioning from traditional applications to Microsoft applications. Instead of focusing on what services the user needs, it's about restricting access to specific applications regardless of the user. Once you embrace this mindset, it becomes easier to navigate. It's not a major impact, but it does require a change in thinking.

Overall, I would rate this product an eight out of ten, with the exception of pricing and support issues. It is one of the better implementations available, surpassing Cloudflare's capabilities. However, there are still areas for improvement, particularly in terms of pricing and support.