Verify Standard VPN Endpoints
Table of Contents
Verify Standard VPN Endpoints
Lets see how to verify standard VPN endpoints in Zscaler
CloudBlade Prisma SD-WAN.
With the Zscaler CloudBlade installed, Standard
VPN endpoint with hostnames for IPsec and IPs for GRE are created
automatically. There is no action required, the steps below are
provided only for reference.
- In Strata Cloud Manager, go to .
- Select Manage Endpoints and filter by
Standard VPN.
![]()
- The host names programmed for this endpoint are displayed under
the Hostnames tab.The ION device assigned to sites and circuit types with the AUTO-zscaler tag will perform a latency check for each hostname listed under the Standard VPN endpoint. The list will be sorted based on the fastest to the slowest response. The first reachable hostname will be used to build the Standard VPN.
- If the ZEN hostname selected becomes unavailable after
the IPsec tunnel is established, either by IPsec DPD or via the
Layer 7 health probe specified on the Standard VPN endpoint (see
figure below), the ION device will attempt to establish a new IPsec
VPN to the next hostname in the ordered list.In CloudBlade version 2.0.0, GRE does not establish a new VPN if the current IP is not reachable. You can update the GRE tunnels to the new data center IPs by using the Zscaler-requery-GRE-IPs tag on the site.
![]()
Since no action is required here, proceed to verifying Groups and Domains.
