When you have assigned a profile to an Edge, the device automatically inherits the cloud security service associated with the profile. You can override the settings to modify the attributes for each Edge.

  1. In the Enterprise portal, click Configure > Edges.
  2. In the Cloud Security Service section, the cloud security service parameters of the associated profile are displayed. Select Enable Edge Override, to modify the attributes. For more information on the attributes, see Configure Cloud Security Services for Profiles.

    Configure IPsec settings

Apart from the existing attributes, you can configure the following additional parameters for an Edge:

  • FQDN – Enter the Fully Qualified Domain Name for an IPsec protocol.
  • PSK – Enter the Pre-shared Key for an IPsec protocol.
Note: The above options are not available for Symantec cloud security service.

If you choose the GRE tunneling protocol for Zscaler cloud security service, add the GRE tunnel parameters.

  1. Click Add Tunnel.
  2. In the Add Tunnel window, configure the following:

    Option Description
    WAN Links Select the WAN interface to be used as source by the GRE tunnel.
    Tunnel Source Public IP Choose the IP address to be used as a public IP address by the Tunnel. You can either choose the WAN Link IP or Custom WAN IP. If you choose Custom WAN IP, enter the IP address to be used as public IP.
    Primary Router IP/Mask Enter the primary IP address of Router.
    Secondary Router IP/Mask Enter the secondary IP address of Router.
    Primary ZEN IP/Mask Enter the primary IP address of Internal Zscaler Public Service Edge.
    Secondary ZEN IP/Mask Enter the secondary IP address of Internal Zscaler Public Service Edge.
    Note: The Router IP/Mask and ZEN IP/Mask are provided by Zscaler.
  3. Click OK and the tunnel details are displayed in the Cloud Security Services section.

Click Save Changes in the Edges window to save the modified settings.

For the profiles created with cloud security service enabled and configured prior to 3.3.1 release, you can choose to redirect the traffic as follows:

  • Redirect only web traffic to Cloud Security Service
  • Redirect all internet bound traffic to Cloud Security Service
  • Redirect traffic based on Business Policy Settings – This option is available only from release 3.3.1. If you choose this option, then the other two options are no longer available.
Note: For the new profiles that you create for release 3.3.1 or later, by default, the traffic is redirected as per the Business Policy settings.

You can create a rule in the business policy to associate the cloud security service.

  1. In the Business Policy tab of the Edge, create a new rule by clicking New Rule or, from the Actions drop-down menu, choose New Rule.

    The Configure Rule dialog box appears.

  2. Enter a unique name for the Rule Name.
  3. In the Action area, click the Internet Backhaul button and choose Cloud Security Service.
  4. Click OK.

    The new rule appears in the Business Policy screen.