: Create a Service Group
Focus
Focus

Create a Service Group

Table of Contents

Create a Service Group

Create a Service Group for creating a tunnel between Prisma SD-WAN and Netskope security cloud.
A service group is a set of labels that associate the Prisma SD-WAN ION with a NetskopeEndpoint.
  1. Navigate to
    Policies
    Stacked Policies
    .
  2. Select
    Service & DC Groups
    .
  3. Click
    Endpoints
    .
  4. Change the view from
    Prisma SD-WAN
    to
    Standard VPN
    .
  5. Click
    Add Endpoint
    .
  6. Give the endpoint a name and check the
    Admin UP
    box.
  7. Click
    IPs & Hostnames
    .
  8. Enter a comma separated list of the Netskope Primary and Failover POP IP addresses and click
    Done
    .
    Prisma SD-WAN will check RTT for each of these IP addresses and will automatically choose the destination with the lowest latency as the IPsec tunnel endpoint.
  9. Click
    Liveliness Probe
    .
  10. Configure the Probe IP Address from Netskope Tunnel configuration along with ICMP ping interval and failure count and click
    Done
    .
    The probe IP address in the Netskope Security Cloud will be pinged to check liveliness of the tunnel. In the example below, an ICMP packet will be sent once every 10 seconds. When 3 consecutive pings fail, the tunnel will be declared Down.
  11. Click
    Save & Exit
    .
  12. At the
    Groups
    tab, under the
    Domains
    column, against the
    Groups
    row, click
    Add
    to add a new group.
  13. Select
    Standard VPN
    .
  14. Give the group a name and in the
    Endpoints
    drop-down, choose the endpoint that was just configured.
  15. Click
    Save
    .

Recommended For You