NetClaw Adds Zscaler and Cloudflare: Zero Trust Security Through Natural Language

Zero trust, conversational access. NetClaw now integrates with Zscaler and Cloudflare, bringing 10 new skills for managing zero trust security, DNS, edge networking, and web security. Query policies, inspect tunnels, analyze traffic, and investigate threats—all through natural language.


The Security Perimeter is Everywhere

Modern networks don’t have walls. Users work from anywhere, applications live in multiple clouds, and the "perimeter" is wherever a connection happens. Zscaler and Cloudflare are leaders in this zero trust world:

  • Zscaler: Secure access to applications and internet, wherever users are
  • Cloudflare: Edge security, DNS, and performance at global scale

Now NetClaw speaks both.


Zscaler Integration: 5 Skills

zscaler-zia

Zscaler Internet Access—secure web gateway:

List URL filtering policies in ZIA

Show web security rules for the engineering group

What categories are blocked for guest users?

Get details on the DLP policy for sensitive data

Tools included: list_url_policies, get_url_policy, list_firewall_rules, get_firewall_rule, list_dlp_policies, get_dlp_policy, list_url_categories, get_url_category

zscaler-zpa

Zscaler Private Access—zero trust application access:

List all application segments in ZPA

Show access policies for the internal-apps segment

What connectors are online for the datacenter group?

Get details on the SAP application segment

Tools included: list_application_segments, get_application_segment, list_access_policies, get_access_policy, list_connectors, get_connector, list_connector_groups

zscaler-zdx

Zscaler Digital Experience—endpoint and application performance:

Show ZDX scores for all devices

What's the application performance for Office 365?

List devices with poor network quality scores

Get the digital experience trend for the sales team

Tools included: get_zdx_scores, list_applications, get_application_metrics, list_devices, get_device_details, get_network_metrics

zscaler-identity

User and group management across Zscaler:

List all user groups in Zscaler

Show users in the engineering department

What groups does user john.doe belong to?

Get identity provider configuration

Tools included: list_users, get_user, list_groups, get_group, list_departments, get_idp_config

zscaler-insights

Analytics and reporting:

Show web traffic analytics for the last 24 hours

What are the top blocked categories today?

Get bandwidth usage by department

List security events for the network team

Tools included: get_traffic_analytics, get_security_analytics, get_bandwidth_report, list_audit_logs, get_threat_report


Cloudflare Integration: 5 Skills

cloudflare-dns

DNS management at the edge:

List all DNS zones in Cloudflare

Show DNS records for example.com

What's the TTL for the www A record?

List zones with DNSSEC enabled

Tools included: list_zones, get_zone, list_dns_records, get_dns_record, get_zone_settings, get_dnssec_status

cloudflare-security

Web application security:

List WAF rules for example.com

Show firewall events from the last hour

What custom rules are blocking traffic?

Get the security level for the API zone

Tools included: list_waf_rules, get_waf_rule, list_firewall_events, list_custom_rules, get_custom_rule, get_security_settings, list_rate_limits

cloudflare-zerotrust

Cloudflare Access and Tunnels:

List all Access applications

Show policies for the internal-dashboard app

What Cloudflare Tunnels are configured?

Get connection status for the datacenter tunnel

Tools included: list_access_applications, get_access_application, list_access_policies, get_access_policy, list_tunnels, get_tunnel, list_casb_findings, get_casb_finding

cloudflare-analytics

Traffic insights and Radar data:

Show traffic analytics for example.com today

What are the global Internet traffic trends?

Scan https://suspicious-site.com for threats

Get threat intelligence for IP 1.2.3.4

Tools included: get_zone_analytics, search_logs, get_traffic_insights, scan_url, get_threat_intel, get_internet_trends

cloudflare-workers

Edge compute monitoring:

List all deployed Workers

Show details for the api-gateway Worker

What bindings does my edge-proxy Worker have?

Get build history for auth-worker

Tools included: list_workers, get_worker, get_worker_bindings, list_builds, get_build, get_worker_analytics


Quick Setup

Zscaler

# ZIA (Internet Access)
export ZSCALER_ZIA_API_KEY="your-zia-api-key"
export ZSCALER_ZIA_CLOUD="zscaler.net"
export ZSCALER_ZIA_USERNAME="admin@example.com"
export ZSCALER_ZIA_PASSWORD="your-password"

# ZPA (Private Access)
export ZSCALER_ZPA_CLIENT_ID="your-client-id"
export ZSCALER_ZPA_CLIENT_SECRET="your-client-secret"
export ZSCALER_ZPA_CUSTOMER_ID="your-customer-id"

Cloudflare

export CLOUDFLARE_API_TOKEN="your-api-token"
export CLOUDFLARE_ACCOUNT_ID="your-account-id"

Generate tokens at dash.cloudflare.com → My Profile → API Tokens.


Real-World Security Investigation

Here’s how a security engineer investigates a potential threat:

1. Check Cloudflare for Anomalies

netclaw: Show firewall events for the api zone in the last hour

2. Analyze Traffic Patterns

netclaw: Get traffic analytics for api.example.com today

3. Investigate Suspicious Source

netclaw: Get threat intelligence for IP 203.0.113.42 from Cloudflare Radar

4. Check Zscaler for Internal Activity

netclaw: List security events in Zscaler for users accessing external APIs

5. Verify Access Policies

netclaw: Show ZPA access policies for the internal-api application segment

6. Check User Context

netclaw: What groups does user john.doe belong to in Zscaler?

Complete visibility across edge and access security—through conversation.


Integration Architecture

Both platforms connect through their official MCP interfaces:

{
  "zscaler-mcp": {
    "url": "mcp://zscaler.com/mcp",
    "env": {
      "ZSCALER_ZIA_API_KEY": "${ZSCALER_ZIA_API_KEY}",
      "ZSCALER_ZPA_CLIENT_ID": "${ZSCALER_ZPA_CLIENT_ID}",
      "ZSCALER_ZPA_CLIENT_SECRET": "${ZSCALER_ZPA_CLIENT_SECRET}"
    }
  },
  "cloudflare-observability": {
    "url": "mcp://observability.mcp.cloudflare.com",
    "env": {
      "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
      "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
    }
  }
}

Cloudflare uses multiple specialized MCP endpoints for different capabilities (DNS analytics, Radar, CASB, Workers builds).
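
A pre-flight lint for a config shaped like the one above, as an added example that is not NetClaw's own code. It assumes the "${NAME}" values are filled in from environment variables at launch; lint_mcp_config and the sample input are hypothetical names, and the sample is constructed with one inline secret to show a finding. It reports env entries that embed a literal instead of a reference, and references whose variable is unset or still holds a "your-..." placeholder from Quick Setup, without ever printing a secret value.

```python
import json
import re

# Constructed sample: the page's layout, with one inline secret added to trigger a finding.
SAMPLE_CONFIG = """
{
  "zscaler-mcp": {
    "url": "mcp://zscaler.com/mcp",
    "env": {
      "ZSCALER_ZIA_API_KEY": "${ZSCALER_ZIA_API_KEY}",
      "ZSCALER_ZPA_CLIENT_SECRET": "constructed-inline-secret"
    }
  },
  "cloudflare-observability": {
    "url": "mcp://observability.mcp.cloudflare.com",
    "env": {
      "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
      "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
    }
  }
}
"""

REF = re.compile(r"^\$\{([A-Z][A-Z0-9_]*)\}$")  # matches "${NAME}" only


def lint_mcp_config(text, environ):
    """Return (server, key, problem) findings; a secret value is never included."""
    findings = []
    for server, entry in json.loads(text).items():
        for key, value in entry.get("env", {}).items():
            match = REF.match(value) if isinstance(value, str) else None
            if match is None:
                findings.append((server, key, "inline value, expected ${VAR} reference"))
                continue
            name = match.group(1)
            resolved = environ.get(name, "")
            if not resolved:
                findings.append((server, key, f"{name} is unset or empty"))
            elif resolved.startswith("your-"):
                findings.append((server, key, f"{name} still holds the setup placeholder"))
    return findings


if __name__ == "__main__":
    import os
    for server, key, problem in lint_mcp_config(SAMPLE_CONFIG, os.environ):
        print(f"{server}: {key}: {problem}")
```
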


The Complete Security Stack

With Zscaler and Cloudflare joining Palo Alto and Cisco FMC, NetClaw covers the major security platforms:

Platform   | Domain              | NetClaw Skills
Palo Alto  | Next-gen firewall   | Existing
Cisco FMC  | Firewall management | Existing
Zscaler    | Zero trust access   | 5 skills
Cloudflare | Edge security       | 5 skills

Network security engineers can now query across all platforms:

netclaw: Show blocked connections on the Palo Alto firewall,
         check if the source IP is in Zscaler block lists,
         and get threat intel from Cloudflare Radar

Zero Trust Through Conversation

Zero trust means verifying everything, everywhere. That’s a lot of queries across a lot of systems. NetClaw makes this manageable:

Before:

  • Log into Zscaler admin portal
  • Navigate to correct policy section
  • Log into Cloudflare dashboard
  • Check multiple tabs and filters
  • Cross-reference manually

After:

netclaw: Verify that user john.doe can access the SAP application 
         through ZPA and show any recent security events

The security perimeter might be everywhere, but your interface to it doesn’t have to be.


NetClaw now supports 68 MCP servers with 124 skills. Zero trust security just became conversational.


Get started at github.com/automateyournetwork/netclaw
