Describes how to configure Zscaler at the Edge level. You can configure the Zscaler settings for an Edge from the Zscaler section available under the VPN Services category in the Device tab.

Before you configure Zscaler, you must have Zscaler cloud subscription. For steps on how to create cloud subscription of type Zscaler, Configure API Credentials.

To configure Zscaler at the Edge level, perform the following steps:
  1. In the SD-WAN Service of the Enterprise portal, click Configure > Edges.
  2. The Edges page displays the existing Edges.
  3. Click the link to an Edge or click the View link in the Device column of the Edge.
  4. The configuration options for the selected Edge are displayed in the Device tab.
  5. Under the VPN Services category, click Zscaler.
  6. The Zscaler settings configured for the associated Profile are displayed. If required, you can select the Override check box and modify the Zscaler settings by addding new sub-locations, editing Gateway options for configured location and sub-locations.
  7. After you have established automatic IPsec/GRE tunnel for an Edge segment, Location is automatically created and appears under the Location table. Note that the Zscaler Location name now includes the Edge name at the beginning so it can be easily identified especially on the Zscaler portal where they can search for the Edge name to find the location.
  8. To edit location Gateway options. click the Edit button under the Location section. The Edit Location Gateway Options dialog box appears.
  9. Configure the Gateway options and Bandwidth control settings for Location and click Done. For more information about Zscaler Gateway Options and Bandwidth Control parameters, see https://help.zscaler.com/zia/configuring-locations.
  10. To reset Zscaler Location gateway options to default, click Reset in the Location section.
  11. In the Sub-Locations section, you can perform the following:
    • To add sub-locations, click the +ADD button and specify sub-location name, LAN networks, and Subnets.

      In prior Orchestrator versions, for the Zscaler sub-location configuration, the Subnets field that takes in subnets ignores the user input if the subnet being added is not directly connected to the Edge device, and users could not modify these subnets using the Orchestrator UI. This limitation presented a challenge for a branch offices where the LAN-side subnets were one hop away due to the presence of a layer 3 switch between the Edge and LAN devices. Release 6.0.0 allows users to add both direct and non-direct subnets.

    • To edit Gateway options and Bandwidth control settings for selected Sub-Locations, click the Edit button.
    • To reset Zscaler Sub-Location gateway options to default, click Reset.
    • To delete sub-locations, select the sub-locations that you want to delete and click the Delete button.
  12. After updating the required settings, click Save Changes in the Device page.

Related Topics