This section provides an overview of Cloud Security Services.

Currently, the connectivity from a branch Edge to a cloud service or a Non VMware SD-WAN Site is established through the SD-WAN Gateway. In this model, the SD-WAN Gateway aggregates traffic from multiple branch Edges and securely forwards the traffic to the Non VMware SD-WAN Site.

You can also configure the branch Edge to establish a tunnel directly to the cloud service PoP. This option has the following advantages:

  • You can save link bandwidth costs by offloading non-enterprise traffic to the internet.
  • By redirecting the Internet traffic to a cloud security service, you can ensure that the branch sites are protected from malicious traffic.
  • The configuration is simplified.

This document describes how to define and configure a cloud security service instance and establish a secure tunnel directly from the Edge to the cloud security service. The configuration is divided into three parts: