Fortinet black logo

SD-WAN Deployment with Zscaler

Home FortiGate / FortiOS 6.2.0 SD-WAN Deployment with Zscaler

Configuring IPsec or GRE tunnels on Zscaler Internet Access

6.2.0
6.4.2
6.4.1
6.2.0
Copy Link
Copy Doc ID 1e9179fe-c082-11ea-8b7d-00505692583a:330915
Download PDF

Configuring IPsec or GRE tunnels on Zscaler Internet Access

IPsec and GRE are similar in the sense that both provide tunneling across the public Internet. However, IPsec also provides encryption and GRE does not. Also, Zscaler Internet Access supports a greater throughput over GRE tunnels while throughput over an IPsec tunnel is capped.

In this case, you will configure either IPsec tunnels or GRE tunnels, and not both.

To configure IPsec tunnels on ZIA:
  1. Locate the available data-centers and the hostname/IP address of the VIP to which you will establish a tunnel; go to Locating the Hostnames and IP Addresses of Zscaler Enforcement Nodes (ZENs).
  2. Add the VPN credentials for IPsec tunnel on ZIA; go to Adding VPN Credentials.
  3. Configure the VPN credentials to a location; go to Configuring Locations.

Repeat the above procedure to configure a second IPsec tunnel to another Zscaler ZEN.

Note

You may configure GRE tunnels, though Fortinet recommends configuring IPsec tunnels.
To configure GRE tunnels on ZIA:
  1. Locate the available data-centers and the hostname/IP address of the VIP to which you will establish a tunnel; go to Locating the Hostnames and IP Addresses of Zscaler Enforcement Nodes (ZENs).
  2. Configure the GRE tunnel on ZIA; go to Configuring GRE tunnels.
  3. Configure a location by choosing a static IP address; go to Configuring Locations.

Repeat the above procedure to configure a second GRE tunnel to another Zscaler ZEN.

If you have any problems, contact Zscaler by submitting a support ticket at https://help.zscaler.com/submit-ticket.

Previous
Next

Configuring IPsec or GRE tunnels on Zscaler Internet Access

IPsec and GRE are similar in the sense that both provide tunneling across the public Internet. However, IPsec also provides encryption and GRE does not. Also, Zscaler Internet Access supports a greater throughput over GRE tunnels while throughput over an IPsec tunnel is capped.

In this case, you will configure either IPsec tunnels or GRE tunnels, and not both.

To configure IPsec tunnels on ZIA:
  1. Locate the available data-centers and the hostname/IP address of the VIP to which you will establish a tunnel; go to Locating the Hostnames and IP Addresses of Zscaler Enforcement Nodes (ZENs).
  2. Add the VPN credentials for IPsec tunnel on ZIA; go to Adding VPN Credentials.
  3. Configure the VPN credentials to a location; go to Configuring Locations.

Repeat the above procedure to configure a second IPsec tunnel to another Zscaler ZEN.

Note

You may configure GRE tunnels, though Fortinet recommends configuring IPsec tunnels.
To configure GRE tunnels on ZIA:
  1. Locate the available data-centers and the hostname/IP address of the VIP to which you will establish a tunnel; go to Locating the Hostnames and IP Addresses of Zscaler Enforcement Nodes (ZENs).
  2. Configure the GRE tunnel on ZIA; go to Configuring GRE tunnels.
  3. Configure a location by choosing a static IP address; go to Configuring Locations.

Repeat the above procedure to configure a second GRE tunnel to another Zscaler ZEN.

If you have any problems, contact Zscaler by submitting a support ticket at https://help.zscaler.com/submit-ticket.

Previous
Next