Zscaler Internet Access CloudBlade Version 2.0.0
Focus
Focus

Zscaler Internet Access CloudBlade Version 2.0.0

Table of Contents

Zscaler Internet Access CloudBlade Version 2.0.0

This section includes new features, caveats/limitations, and downgrade considerations.

New/Updated Features

Starting with release version 2.0.0, the Zscaler CloudBlade supports both IPSec and GRE tunnels. Zscaler Internet Access (ZIA) has launched APIs that can be used to build GRE tunnels to Zscaler nodes from branches that require high throughput. Each GRE tunnel can have up to 1 Gbps bandwidth.
The AUTO-zscaler-GRE tag is added to a site and circuit to create the GRE tunnels. The site tag is extended for sub-location, custom endpoint, and other options, while the circuit tag is a static tag. A single interface on the device supports both the IPSec tunnels (AUTO-zscaler tag) and GRE tunnels (AUTO-zscaler-GRE tag). If a circuit is tagged with both AUTO-zscaler and AUTO-zscaler-GRE tags on an interface, then both IPSec and GRE tunnels are established to the specific ZEN Nodes.

Changes to Default Behavior

When you roll back the Zscaler Internet Access CloudBlade from 2.0.0 version to 1.4.1 or 1.3.1, remove the GRE tag at the site and circuit levels. Ensure the GRE ServiceLinks are deleted as GRE is not supported in lower versions of the CloudBlade.

Caveats/Limitations

The following caveats are observed with the Zscaler Internet Access CloudBlade:
  • If one or more IPs used in Custom Endpoints is not part of the ranked list (closest data centers), the tunnels will not be established.
  • The Zscaler-requery-GRE-IPs tag must be used on the site in order to update the GRE tunnels to the latest available closest data centers.