Focus

Zscaler Internet Access CloudBlade Integration Guide

Verify Standard VPN Endpoints

Table of Contents

Verify Standard VPN Endpoints

Lets see how to verify standard VPN endpoints in Zscaler CloudBlade Prisma SD-WAN.

With the Zscaler CloudBlade installed, Standard VPN endpoint with hostnames for IPsec and IPs for GRE are created automatically. There is no action required, the steps below are provided only for reference.

From the Prisma SD-WAN web interface, click

Manage

Resources

Service & DC Groups

Select

Endpoints

and filter by

Standard VPN

The host names programmed for this endpoint are displayed under the

Hostnames

tab.

The ION device assigned to sites and circuit types with the

AUTO-zscaler

tag will perform a latency check for each hostname listed under the Standard VPN endpoint. The list will be sorted based on the fastest to the slowest response. The first reachable hostname will be used to build the Standard VPN.

If the ZEN hostname selected becomes unavailable after the IPsec tunnel is established, either by IPsec DPD or via the Layer 7 health probe specified on the Standard VPN endpoint (see figure below), the ION device will attempt to establish a new IPsec VPN to the next hostname in the ordered list.

In CloudBlade version 2.0.0, GRE does not establish a new VPN if the current IP is not reachable. You can update the GRE tunnels to the new data center IPs by using the

Zscaler-requery-GRE-IPs

tag on the site.

Since no action is required here, proceed to verifying

Groups

and

Domains

Understand Service and Data Center Groups

Verify Standard VPN Group

Zscaler Internet Access CloudBlade Integration Guide

Verify Standard VPN Endpoints

Verify Standard VPN Endpoints

Recommended For You