This section provides an overview of Cloud Security Services.
Currently, the connectivity from a branch Edge to a cloud service or a Non VMware SD-WAN Site is established through the SD-WAN Gateway. In this model, the SD-WAN Gateway aggregates traffic from multiple branch Edges and securely forwards the traffic to the Non VMware SD-WAN Site.
You can also configure the branch Edge to establish a tunnel direct to the cloud service pop. This option has the following advantages:
- You can save link bandwidth costs by offloading non-enterprise traffic to the internet.
- By redirecting the Internet traffic to a cloud security service, you can ensure that the branch sites are protected from malicious traffic.
- Simplified configuration.
This document describes how to define and configure a cloud security service instance and establish a secure tunnel directly from the Edge to the cloud security service. The configuration is divided into three parts: