Prisma SD-WAN
Validate the Zscaler Configuration
Let's see how to validate the Zscaler configuration in Prisma SD-WAN.
The Zscaler CloudBlade will provision locations and unique VPN credentials per tunnel
within Zscaler. Below is a sample output of the deployment for the Milan Branch 2
site from the Zscaler portal. This site has two circuits. Note that there is a third
fake VPN credential which is never used, but is part of the initial location
creation and onboarding process.

The status of the deployment and tunnels can be validated on the CloudBlades page as
follows:
- On the CloudBlades screen, click Monitor.
- Select the Stats tab to see information on the Zscaler sites and status of the IPSec and GRE tunnels.
- Select the Summary tab to see an overview of all the connected sites, ZEN node endpoints, and name of the third-party endpoints.
- Select the Details tab to view the deployment status and the configuration details. These details are helpful for troubleshooting.
Edit Application Network Policy Rules
Once the CloudBlade configures the appropriate Standard VPN objects
within Prisma SD-WAN and Zscaler, the administrator can reference
the path (Standard VPN) and service group (Zscaler) within application network
policies. The ION devices will make intelligent per-app path selections using
the network policies to chain multiple path options together in Active-Active
and Active-Backup modes.
Example:
- Application A: Take Standard VPN direct to Zscaler.
- Application B: Take Standard VPN direct to Zscaler; Backup to Direct Internet.
- Application C: Go to Internet through Prisma SD-WAN; Backup to Standard VPN direct to Zscaler.
- Application D: Use only Direct Internet.
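The following is an added example, not Palo Alto Networks code and not a Prisma SD-WAN API: a small Python model of the Application A-D policies above that shows which paths each application uses when links fail and flags applications that would leave the Zscaler path on failover. The path names, `POLICIES`, `select_paths` and `audit` are hypothetical, and "via Zscaler" is assumed to mean only the Standard VPN path.

```python
# Illustrative model only; names are assumptions, not Prisma SD-WAN objects.
ZSCALER_VPN = "standard_vpn_to_zscaler"
DIRECT = "direct_internet"
FABRIC = "internet_through_prisma_sdwan"

# Constructed policies mirroring Applications A-D: (active paths, backup paths)
POLICIES = {
    "Application A": ([ZSCALER_VPN], []),
    "Application B": ([ZSCALER_VPN], [DIRECT]),
    "Application C": ([FABRIC], [ZSCALER_VPN]),
    "Application D": ([DIRECT], []),
}


def select_paths(policy, paths_up):
    """Return the usable paths of the first tier that has any.

    All usable active paths are returned together (Active-Active); backups
    are used only when no active path is up (Active-Backup). An empty list
    means the application has no permitted path and its traffic is dropped.
    """
    active, backup = policy
    for tier in (active, backup):
        usable = [p for p in tier if p in paths_up]
        if usable:
            return usable
    return []


def audit(policies, via_zscaler=frozenset({ZSCALER_VPN})):
    """Classify each application by its exposure to the Zscaler path."""
    report = {}
    for app, (active, backup) in policies.items():
        every_path = active + backup
        if all(p in via_zscaler for p in every_path):
            report[app] = "always via Zscaler"
        elif not any(p in via_zscaler for p in every_path):
            report[app] = "never via Zscaler"
        elif all(p in via_zscaler for p in active):
            report[app] = "via Zscaler, bypasses on failover"
        else:
            report[app] = "via Zscaler only on failover"
    return report


if __name__ == "__main__":
    for app, verdict in audit(POLICIES).items():
        print(f"{app}: {verdict}")
```
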
The Prisma SD-WAN Secure Application Fabric (AppFabric) enables
granular controls for a virtually unlimited number of policy permutations down to
the sub-application level. Here are some of the most common examples of how
traffic policy can be configured per application:
- Send all internet-bound traffic from a set of branches to a Zscaler datacenter. (Blanket Greylist)
- Send all internet-bound traffic from a set of branches to a Zscaler datacenter with the exception of specific known applications. (Greylist-Whitelist)
- Send all internet traffic direct to the internet except for certain applications needing additional inspection or security. (Whitelist-Greylist)