Expand all | Collapse all
Create a Service Group
Create a Service Group for creating a tunnel between
Prisma SD-WAN and Netskope security cloud.
A service group is a set of labels that associate
the Prisma SD-WAN ION with a NetskopeEndpoint.
Select
Service & DC Groups
.
Change the view from
Prisma SD-WAN
to
Standard
VPN
.
Give the endpoint a name and check the
Admin
UP
box.
Enter a comma separated list of the Netskope Primary
and Failover POP IP addresses and click
Done
.
Prisma SD-WAN will check RTT for each of these IP addresses
and will automatically choose the destination with the lowest latency
as the IPsec tunnel endpoint.
Configure the Probe IP Address from Netskope Tunnel configuration
along with ICMP ping interval and failure count and click
Done
.
The probe IP address in the Netskope Security Cloud will
be pinged to check liveliness of the tunnel. In the example below, an
ICMP packet will be sent once every 10 seconds. When 3 consecutive
pings fail, the tunnel will be declared Down.
At the
Groups
tab, under the
Domains
column,
against the
Groups
row, click
Add
to
add a new group.
Give the group a name and in the
Endpoints
drop-down,
choose the endpoint that was just configured.