Configuring traffic redirection to a Web Security Gateway

The purpose of this Use Case, which is complementary to "Use Case 1", is to enable the connection to a Zscaler Web Security Gateway delivered from the cloud. The Zscaler platform defends against malware, advanced threats, phishing, browser exploits, malicious URLs and botnets. As well as web security, the service offers web filtering, firewalls and anti-spam functions.

This section describes how to configure this gateway in your network, from Branch Office 1 appliance over the Internet.

One tunnel is created after you have defined the appropriate parameters in both the Orchestrator and in Zscaler.

Note: Only Zscaler is supported in this SD-WAN Orchestrator version. It is likely that other web security gateways can be defined.

"Defining the Web Security Gateway"

"Connecting the Branch Office appliance to the Gateway"

Use Case 9

Graph legend

Blue connection

Grey connection

SD-WAN appliance

router

subnet

host in a subnet

server

IPsec tunnel

physical connection between devices

Note: A router may be a CE Router (MPLS Router), an Internet Access Router or a Core Router.

Creating a Web Security gateway

Select Network -> External Gateways from the Orchestrator main menu.

On the displayed window, click the Add button to display the form. The basic procedure for defining a web security gateway consists of the following steps:

Identifying the gateway
Defining the Public IP addresses of both the Zscaler Gateway and the Branch Office appliance it is connected to. The Public IP addresses of the Zscaler security gateway include a primary address and a secondary backup address used to set up two tunnels in active/backup configuration.
Defining the IPSec tunnel parameters.

Refer to the following sections for detailed explanations.

Modifying or deleting a Web Security gateway

Click to edit the configuration of a web security gateway. Modify any values and hit to save your settings.
Click if you want to delete a web security gateway. The system asks you to click the icon a second time to confirm your action.