Configuring SD-WAN interfaces
To use the secure SD-WAN capability, we need to configure the primary and secondary Zscaler ZENs as SD-WAN interface members.
In this example, the SF ZEN is closer, so we will choose the Lowest Cost (SLA) SD-WAN algorithm to prefer the SF ZEN over the DC ZEN, and configure the Zscaler-SF interface with a lower cost.
To configure the primary ZEN as an SD-WAN interface member:
- Go to Network > SD-WAN, and click Create New from the SD-WAN Interface Members section. The New SD-WAN Member modal slides on screen.
- Configure the Interface to be Zscaler-SF from the drop-down list.
- Configure the Cost to be
5
. A lower Cost value indicates that this member is the primary interface member, and is preferred more than a member with a higher Cost value when using the Lowest Cost (SLA) strategy.
- Click OK.
To configure the secondary ZEN as an SD-WAN interface member:
- Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
- Configure the Interface to be Zscaler-DC from the drop-down list.
- Configure the Cost to be
10
. A higher Cost value indicates that this member is the secondary interface member, and is preferred less than a member with a lower Cost value when using the Lowest Cost (SLA) strategy.
- Click OK.
Similarly, repeat the above procedure to configure the Internet_A and Internet_B interfaces with Costs of 5
and 10
respectively.
After all the SD-WAN interface members are configured as required, verify the configurations on the Network > SD-WAN screen.
After configuring SD-WAN interface members, we need to configure a static route that points to the SD-WAN interface.
To configure the static route:
- Go to Network > Static Routes, and click Create New > IPv4 Static Route. The New Static Route screen displays.
- Select Subnet for the Destination setting and enter
0.0.0.0/0.0.0.0
in the associated text input field. - Select SD-WAN as the Interface from the drop-down list.
- Click OK.