There could be a scenario in which all user credentials, keys, and tokens are correct, and the Zscaler Location and VPN credential objects are also created. However, the Prisma SD-WAN VPNs are not created. This can be due to the pre-built IPsec profiles based on Zscaler’s recommended best practices, which have not been allocated to your Prisma SD-WAN tenant. Another reason could be that the custom IPsec profile name specified in your CloudBlade configuration does not exist (or has a typo in it).

This condition can be validated by selecting the Messages link on the CloudBlade card and looking for an error message similar to the one below.

To verify that these IPsec profiles exist, navigate to Stacked Policies > IPsec Profiles, and check if the profiles shown in the example below are displayed. If these two profiles are not present, please contact Prisma SD-WAN support. Or, create your own IPsec profile and that name in your CloudBlade configuration.

The next section will cover troubleshooting issues once the CloudBlade is installed.