This section describes how to manage the Zscaler CloudBlade in Prisma SD-WAN by enabling, pausing,
disabling, and uninstalling the CloudBlade.
After the CloudBlade is set up, perform these operations from the CloudBlade
panel. Each operation has different effects on the tunnels and configurations in Prisma SD-WAN and Zscaler.
Set the CloudBlade to Enabled
Enabled is the standard expected mode of operation for the CloudBlade. The
CloudBlade will run every 60 seconds, find any new Sites or Circuits with the
appropriate tags, and configure the integration on Zscaler and Prisma SD-WAN. In addition, during each integration run, any
settings that were previously modified manually on either Prisma SD-WAN or Zscaler (for example, VPN credentials changed or a Location deleted in
Zscaler) are automatically reverted to the known good state.
Set the CloudBlade to Paused
Pausing the CloudBlade stops all future integration runs but leaves any created
objects intact. No new objects are created while the CloudBlade is paused, but pausing does NOT
prevent removal of any unconfigured/untagged objects on either Prisma SD-WAN or Zscaler.
Set the CloudBlade to Disabled
Disabling the CloudBlade tells the system to remove and delete all configurations
created by the CloudBlade. This can cause communication interruptions if the
policy isn’t set to use other paths. The IPSec policies, IKE policies, Prisma SD-WAN Endpoints, and Service and DC groups aren’t
automatically deleted and must be removed manually.
Uninstalling the CloudBlade
Uninstalling the CloudBlade removes the configuration for the CloudBlade, and
immediately stops any changes by the CloudBlade. Uninstalling the CloudBlade
doesn’t automatically remove configuration from all sites and objects. The
CloudBlade may be uninstalled and reinstalled to facilitate upgrades or
downgrades to different versions without traffic interruption. To completely
remove all items, set the CloudBlade to Disabled for 2-3 integration run periods
(180 seconds) before uninstalling the CloudBlade.