When you have assigned a profile to an Edge, the device automatically inherits the cloud security service and attributes configured in the profile. You can override the settings to select a different cloud security provider or modify the attributes for each Edge.
- In the Enterprise portal, click .
- In the Cloud Security Service section, the cloud security service and parameters of the associated profile are displayed. Select Enable Edge Override, to select a different cloud security service or to modify the attributes. For more information on the attributes, see Configure Cloud Security Services for Profiles.
Apart from the existing attributes, you can configure the following additional parameters for an Edge:
- FQDN – Enter the Fully Qualified Domain Name for an IPsec protocol.
- PSK – Enter the Pre-shared Key for an IPsec protocol.
Note: The above options are not available for Symantec cloud security service.
If you choose the GRE tunneling protocol for Zscaler cloud security service, add the GRE tunnel parameters.
- Click Add Tunnel.
- In the Add Tunnel window, configure the following:
Option Description WAN Links Select the WAN interface to be used as source by the GRE tunnel. Tunnel Source Public IP Choose the IP address to be used as a public IP address by the Tunnel. You can either choose the WAN Link IP or Custom WAN IP. If you choose Custom WAN IP, enter the IP address to be used as public IP. Primary Router IP/Mask Enter the primary IP address of Router. Secondary Router IP/Mask Enter the secondary IP address of Router. Primary ZEN IP/Mask Enter the primary IP address of Internal Zscaler Public Service Edge. Secondary ZEN IP/Mask Enter the secondary IP address of Internal Zscaler Public Service Edge. Note: The Router IP/Mask and ZEN IP/Mask are provided by Zscaler. - Click OK and the tunnel details are displayed in the Cloud Security Services section.
Click Save Changes in the Edges window to save the modified settings.
For the profiles created with cloud security service enabled and configured prior to 3.3.1 release, you can choose to redirect the traffic as follows:
- Redirect only web traffic to Cloud Security Service
- Redirect all internet bound traffic to Cloud Security Service
- Redirect traffic based on Business Policy Settings – This option is available only from release 3.3.1. If you choose this option, then the other two options are no longer available.
Note: For the new profiles that you create for release 3.3.1 or later, by default, the traffic is redirected as per the Business Policy settings. See
Configure Business Policies with Cloud Security Services.