Connecting the Branch Office ip|engine to the Web Security Gateway

Connecting the Branch Office ip|engine to the Gateway

To connect Branch Office 1 ip|engine to the gateway (see "Use Case 1"), edit its WAN1 parameters by completing the External Gateways panel.

Refer to "Use Case 9" diagram where the ip|engine information is displayed in orange.

From the stack of External Gateways names, select 'Zscaler-gateway - primary'.

Since B01 Public IP address is dynamic and unknown to the Orchestrator, you must enter an Initiator ID which corresponds to the information you defined on the Zscaler Portal (when specifying an FQDN for the VPN credentials). For example, enter 'test@myzscaler.com'.

Note that defining an Initiator ID would be irrelevant if B01 Public IP address was static; in that case, the SD-WAN Orchestrator would use that IP address.

Use the IPsec Pre-Shared key field as follows:

•

If on the Web Security Gateway Platform (Zscaler), the gateway is configured with only one default Pre-Shared Key for all the tunnels connected to this gateway, leave this field blank in the SD-WAN Orchestrator (current Use Case).

•

If in Zscaler, the gateway has a specific PSK value for each tunnel, you should enter a Pre-Shared Key for this tunnel of the B01 ip|engine.

Use the icon different statuses to either display or hide the key.

The tunnel Inside Local IP address and Remote IP address fields are not used; leave them blank.

You may filter the redirected traffic by local subnet. By default, the subnets defined under the Subnets tab of the LAN panel are automatically applied for filtering. However, if any subnets are configured and listed in the Local Subnets fields of the External Gateways panel, only these subnets are taken into account for filtering (up to 8 subnets are authorized); they overwrite the LAN subnets of the ip|engine.

The Preference parameter is meaningless.

From the stack of External Gateways names, select 'Zscaler-gateway - secondary' and follow the same procedure as for the first Zscaler gateway. 'Zscaler-gateway - secondary' is used as backup tunnel when 'Zscaler-gateway - primary' fails.

Update your settings. The tunnel is created.