Step by Step Procedure
Refer to the "Use Case 8" diagram, where EdgeSentry information is displayed in green.
Activating EdgeSentry
1. In the General panel of the Branch Office 1 ip|engine (B01) Configuration window, select the EdgeSentry Region. It is the closest region to the ip|engine. Note that region information is common to all the WAN interfaces of the ip|engines on the same Site, for which EdgeSentry has been activated.
2. Connect B01 WAN1 router interface to EdgeSentry by checking the option. The EdgeSentry Region you selected in the previous step is automatically displayed.
   Eligible interfaces are WAN Router interfaces on hybrid or full router ip|engines.
3. Click Update.
   Warning: The same WAN interface cannot be connected to EdgeSentry and to a Web Security Gateway at the same time.
   Since this interface is also connected to a Zscaler Web Security Gateway (see "Use Case 9"), this configuration is automatically disabled when you activate EdgeSentry. If you disable EdgeSentry, the Web Security Gateway configuration is enabled again.
4. From the SD-WAN Orchestrator top menu, connect to the Cloud Security Partner's portal by selecting Network -> EdgeSentry Portal.
5. Configure Security Policies according to the procedure described in the Cloud Security Partner's documentation.
6. Define the traffic to forward to EdgeSentry through the wsg or wsg+ Internet Access Policies of the Zone-Based Firewall. Refer to "Internet Access Policies".
7. Click Update to validate the configuration.
Checking EdgeSentry Connections
1. Verify that the EdgeSentry configuration is operational by checking that there are supervised connections in the EdgeSentry Connections panel of the Supervision -> Overview dashboard.
   For each connected WAN router interface, a primary connection and a secondary connection are created; refer to the "Use Case 8" diagram. If EdgeSentry connections are displayed in the 'Down' column, check the alarms raised for the configured EdgeSentry ip|engine in the Active Alarms and Event History dashboards.
2. On the Supervision -> Tunnel Status dashboard, check that the EdgeSentry tunnels are up.
3. In the Network -> Configuration window, click the icon for the appropriate ip|engine. In the displayed window, select Tunnels -> IPsec to analyze the details of the created EdgeSentry tunnels.
Also see how to configure a Web Security Gateway.