Zscaler migration

Zscaler to Cloudflare One.

[Diagram: Zscaler → Cloudflare One. The Zscaler products ZIA (SWG), ZPA (ZTNA), ZDX, and CASB / DLP pass through the Nanosek stages Discover → Map users → Pilot wave → Cutover into the Cloudflare destinations Gateway (SWG), Access (ZTNA), WARP, CASB, DLP, and Browser Isolation.]


Nanosek helps security and network teams compare Zscaler policy models with Cloudflare One, then migrate users, applications, tunnels, device posture, and traffic steering in phases.


Who this is for

  • Enterprise security, infrastructure, platform, and network teams responsible for public applications or workforce access.
  • Organizations migrating from legacy CDN, WAF, bot, access, or edge platforms.
  • Teams that need Cloudflare expertise without slowing down production delivery.

Problems solved

  • Legacy rules and platform behavior are difficult to translate safely.
  • Cutover windows require rollback planning, stakeholder alignment, and live validation.
  • Security controls need tuning before they can move from monitoring to enforcement.
  • Operations teams need logging, ownership, and change control after launch.

Delivery approach

  1. Discovery of current architecture, traffic patterns, domains, rules, identities, integrations, and operational constraints.
  2. Mapping of existing controls into Cloudflare primitives with clear decisions for keep, replace, simplify, or retire.
  3. Staged implementation using test zones, shadow logging, monitor mode, canary traffic, and documented approval gates.
  4. Post-cutover tuning, dashboarding, incident workflow alignment, and managed operations handoff.

Architecture

  • DNS, certificates, origin reachability, cache behavior, and failover paths.
  • WAF rulesets, custom rules, exceptions, bot signals, API controls, and rate limits.
  • Identity provider integration, device posture, user groups, tunnels, and access policies where Zero Trust is involved.
  • Logpush destinations, SIEM fields, alerting, ownership, and retention requirements.

Migration steps

  1. Assess the existing environment and define success criteria.
  2. Create a Cloudflare target architecture and migration backlog.
  3. Build and test controls in monitoring or non-production mode.
  4. Run stakeholder validation and prepare rollback procedures.
  5. Execute phased cutover with live monitoring.
  6. Tune enforcement and transition to managed operations.

Risks and mitigations

Risk: False positives during WAF or bot enforcement.
Mitigation: Start in logging or simulate mode, review traffic, and promote controls gradually.

Risk: DNS or certificate disruption during cutover.
Mitigation: Lower TTLs, validate records, preload certificates, and keep rollback instructions ready.

Risk: Missing visibility after migration.
Mitigation: Configure Logpush, dashboards, alerts, and operational ownership before launch.

Risk: Behavior differences between legacy vendor and Cloudflare.
Mitigation: Use mapping workshops, test cases, and canary validation before full traffic shift.

Deliverables

  • Current-state assessment and risk register.
  • Cloudflare target architecture.
  • Migration or implementation plan.
  • Cutover and rollback runbook.
  • Configured Cloudflare services and validation notes.
  • Post-launch tuning backlog and operating model.

Frequently asked questions

Can Nanosek handle emergency Cloudflare migrations?
Yes. Nanosek can prioritize stabilization work such as DNS onboarding, WAF baseline controls, origin protection, and emergency traffic validation.

Do migrations require downtime?
Most migrations can be planned to avoid downtime, but this depends on DNS, certificate, origin, and application constraints. Nanosek builds rollback and validation steps into the plan.

Can Nanosek manage Cloudflare after launch?
Yes. Nanosek provides managed Cloudflare operations including tuning, monitoring, change support, incident response, and optimization.

Discuss your Cloudflare roadmap

Nanosek can help design and deliver a plan that fits your environment, timeline, and constraints.

Ready to talk?

Deliver Cloudflare without surprises.

Whether you're migrating, hardening, or operating Cloudflare — Nanosek brings authorized MSP & ASDP delivery, rollback-ready cutovers, and managed operations after launch.