Get your copy of Security Service Edge (SSE) for Dummies. Get the eBook

Netskope productsNetskope Cloud Firewall

Netskope Cloud Firewall

Secure all ports and protocols with cloud-based firewall rules for user and office egress traffic with central administration, global access with NewEdge data centers, and single pass Secure Access Service Edge (SASE) architecture built into the Netskope Security Cloud.

Firewall-as-a-Service (FWaaS) enables consolidation, less complexity, and lower cost of operations

Netskope Cloud Firewall (CFW) provides network security on outbound traffic across all ports and protocols for users and offices. CFW policy controls include 5-tuple (source and destination addresses and ports with protocol), plus user-IDs and group-IDs, fully qualified domains and wildcards as destinations, an application layer gateway for FTP, and tracking events for firewall logging.


Watch the demo

Netskope Cloud Firewall diagram

The Netskope
Security Cloud

See our platform →
Netskope security cloud platform

Unrivaled visibility. Real-time data and threat protection.

The Netskope Security Cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

Netskope security cloud platform

Secure all egress ports and protocols for users and offices


Protect users

Provide network security for outbound traffic on all ports and protocols for safe direct internet access with the Netskope client on managed devices.


Secure offices

Provide network security for all outbound ports and protocols for safe direct to internet access via IPsec and GRE tunnels for any user or device.


Centralized access control

Secure remote users and branch offices with firewall-as-a-service (FWaaS) using one console, one policy engine, and one cloud platform.


Consolidate and reduce complexity

Integrated SASE cloud security platform with CFW, RBI, Next Gen SWG, CASB, and ZTNA solutions with single-pass architecture.


Global access and performance

Built on NewEdge, the world’s largest highest performing private security cloud for security at the edge where it is needed with a five 9s SLA and health trust portal.

The office as we know it is over—and that’s a good thing. 2021 will be the year we finally get to enjoy the true benefits of the remote work revolution.

—Jared Lindzon, Fast Company, January 2021
Fast Company logo

Features and benefits

Firewall policy controls

Firewall policy controls

Include 5-tuple (source / destination address and port, protocol), user-IDs and group-IDs, FQDNs and wildcards for egress firewall policy settings.

FTP application layer gateway

FTP application layer gateway

Enables seamless use of FTP through cloud edge network address translation services.

Firewall event logging

Firewall event logging

Full logging of all desired CFW events (TCP, UDP, ICMP), available for export or as part of Netskope Advanced Analytics.

Integrated SASE architecture

Integrated SASE architecture

CFW, SWG, CASB, ZTNA, RBI and Advanced Analytics with one platform, one console, one policy engine, and one client to enable consolidation and less complexity.

Cloud scale and performance

Cloud scale and performance

NewEdge provides cloud scale and performance and removes the issues of firewall appliances, hair pinning traffic, and a poor user experience.

Lower cost of operations

Lower cost of operations

Reduce appliance expenses and maintenance, dependency on endpoint firewalls, and administration efforts with multiple consoles.

Next Generation Secure Web Gateway - solution brief

Next Gen Secure Web Gateway

Netskope Threat Protection - data sheet

Netskope Threat Protection

Netskope Private Access - data sheet

Netskope Private Access

Accelerate your security program with the SASE leader.