Order of policy enforcement
When an end user generates a web request and when that request reaches the Zscaler PSE, the PSE first enforces the Browser Control policy. If the end user's browser does not meet the enterprise requirements, that request will be blocked. The FTP Control policy acts next, based on the policy configuration. It is followed by the URL and Cloud App Control policy, and then the SSL Inspection policy.
If the request satisfies the conditions mentioned previously, it is next enforced by the Malware Protection policy, followed by the Advanced Threat Protection policy, the Upload File Type Control policy, the Upload Bandwidth Control policy, the Data Loss Prevention policy, and finally, the Firewall and DNS Control policy. If the request survives all these policies, it can proceed.
When the response to that initial end user request arrives at the Zscaler PSE, the policy order is reversed. The response goes through the Inbound Malware Protection policy,...