The cloud security service establishes a secure tunnel from an Edge to the cloud security service sites. This ensures secured traffic flow to the cloud security services.


  1. In the Enterprise portal, click Configure > Network Services.
  2. In the Cloud Security Service section, click New.
  3. In the New Cloud Security Provider window, select a service type from the drop-down list:
    After selecting the service type, configure the following settings:
    Option Description
    Service Name Enter a descriptive name for the cloud security service.
    Primary Point-of-Presence/Server Enter the IP address or hostname for the Primary server.
    Secondary Point-of-Presence/Server Enter the IP address or hostname for the Secondary server.
    Note: If you have selected Zscaler Cloud Security Service as Service Type and planning to assign a GRE tunnel, it is recommended to enter only IP address in the Primary and Secondary Server, and not the hostname, as GRE does not support hostnames.
    If you choose ZScaler cloud security service, then you can choose to automate the deployment by selecting the Automate Cloud Service Deployment checkbox. Configure the following if you choose to automate the cloud service deployment:
    Option Description
    Zscaler Cloud Enter the Zscaler cloud service name.
    Partner Admin Username Enter the provisioned username of the partner admin.
    Partner Admin Password Enter the provisioned password of the partner admin.
    Partner Key Enter the provisioned partner key.
    Domain Enter the domain name on which the cloud service would be deployed.
    Note: For more information about Zscaler CSS automation, see Zscaler and VMware SD-WAN Deployment Guide.
    Click Validate Credentials.
  4. Click Add.
  5. Repeat the above steps to configure more cloud security services.


The configured cloud security services are displayed in the Network Services window.

What to do next

Associate the cloud security service with a profile. See Configure Cloud Security Services for Profiles.