r/CloudFlare: Cloudflare access vs Twingate & Zscaler

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/ye6tek/cloudflare_access_vs_twingate_zscaler/

Question

Has anyone evaluated Cloudflare's zero trust access product to replace their VPN? My network is mostly AWS at this point with a bare bones office network. Was using Cisco Meraki's VPN to get into the office with IP routing to AWS. Get a couple complaints every week about internet speeds, VPN clients crashing, and generally feels like a PITA to keep it up with most people WFH.

Feels like it's time to put in something new and bosses are supportive. We use Cloudflare for WAF but dev teams also suggested Twingate, and Zscaler has a VPN product. Played around with Cloudflare & Twingate as they have free tiers, while Zscaler is hard to get hands on product to test.

Anyone done a recent deep dive and have real world pros/cons of each?

Answer

I am a growing Cloudflare partner and have deployed CF Zero Trust a few times for me and my clients. Generally, the whole Zero Trust approach has my vote since I see it increasing the general security posture of companies (since every user & device will be authenticated).

I tried Zscaler for a past employer and got to know the company as very egotistical. They didn't want to discuss my pain points with the solution and also didn't act in my own interest. And I have another negative experience with Zscaler since I recently tried to enter a partnership with them for ZT as well. But since I am not the big MSP they may be looking for, I was greeted with a cold shoulder and very bad support from Account Managers and Distribution staff alike.

So out of the three, I can only in good faith recommend Cloudflare's platform to you.