Lets see how to Enable, Pause, Disable, and Uninstall the Zscaler CloudBlade in Prisma
SD-WAN.
After the CloudBlade is set up, operations
can be done using the CloudBlade panel. These operations have various
effects on the tunnels and configurations in Prisma SD-WAN and Zscaler.
Set the CloudBlade to Enabled
Enabled is the standard expected mode of operation for the CloudBlade. The CloudBlade will run
every 60 seconds, find any new Sites or Circuits with the appropriate tags, and
configure the integration on Zscaler and Prisma SD-WAN. In addition, during this
integration run, if any settings were previously modified manually on either
Prisma SD-WAN or Zscaler (for example VPN credentials changed, or Location
deleted in Zscaler), these will be reverted to the known good state
automatically.
Set the CloudBlade to Paused
Pausing the CloudBlade
stops all future integration runs, but leaves any created objects
intact. This stops any future objects from getting created but does
NOT prevent removal of any unconfigured/untagged objects on either
Prisma SD-WAN or Zscaler.
Set the CloudBlade to Disabled
Disabling the CloudBlade tells the system to remove and delete all configurations created by the
CloudBlade. This can cause communication interruptions if the policy isn’t set
to use other paths. The IPSec policies, IKE policies, and Prisma SD-WAN
Endpoints and Service and DC groups aren’t automatically deleted and must be
removed manually.
Uninstalling the CloudBlade
Uninstalling the CloudBlade removes the configuration for the CloudBlade, and immediately stops
any changes by the CloudBlade. Uninstalling the CloudBlade doesn’t automatically
remove configuration from all sites and objects. The CloudBlade may be
uninstalled and reinstalled to facilitate upgrades or downgrades to different
versions without traffic interruption. To completely remove all items, set the
CloudBlade to Disabled for 2-3 integration run periods (180 seconds) before
uninstalling the CloudBlade.