Cisco SD-WAN Zscaler Software Defined WAN (SD-WAN) SASE Cisco Networking Security Transformation
Video
375
views
5:42

June 16, 2022

Zscaler ZIA Integration With Cisco SD-WAN

Backhauling Internet-bound traffic from branches to a data center to consume traditional security services is expensive and adds latency. Many organizations are improving their network infrastructure by adopting SD-WAN and enabling Direct Internet Access (DIA). With the Zscaler and the Cisco SD-WAN integration, you can rapidly gain access to cloud-delivered security in minutes. This market-leading API automation makes it very fast and agile to deploy and manage the network and security environment of hundreds or even thousands of remote sides.

Below is a summary of the configuration used in this video demonstration. Always consult the product documentation to ensure your configuration settings are correct for your deployment.

Collect & create Zscaler needed integration parameters

As per the Zscaler/SDWAN configuration guide, there are a few needed parameters that the Cisco SD-WAN solution would need to automatically integrate with Zscaler via API. These parameters would be collected after login into the Zscaler portal.

Locate the Zscaler Organization name for the account 

Administration>Settings>Company Profile>Organization

Locate the Zscaler Partner URI

This is the URL to be used by our deployment for API integrations. Administration>Cloud Service API Key Management>Cloud Service API Key

Add an SD-WAN partner key 

Administration>Partner Integrations>SD-WAN

Add a partner administrator role

Administration>Authentication>Role Management

By creating an administrator role, we can define the permissions and access we wish to grant a third-party partner, such as Cisco SD-WAN.

Create a partner administrator account 

Administration>Administration Control>Administration Management

A second set of authentication credentials are needed for this integration. You must create partner administrator credentials to be used to authenticate against the Zscaler ZIA provisioning API. These credentials will be associated with the Admin SD-WAN role created in the previous step.

At this point, we have all the Zscaler needed parameters to integrate the solution into our SD-WAN fabric.

Create a SIG feature template for API access to Zscaler

In this section, we will enter the parameters collected in the previous steps. 

Create a SIG feature template to define tunnel parameters

Define tunnel parameters, in this example, we have an active primary tunnel and the second tunnel in a standby state. 

Assign feature templates to the device template for our SSE branch

Adding the two feature templates created in the previous steps to the device template that we would like to implement the SIG tunnels. 

Add a Service Route to redirect traffic to the SIG Service

This will direct all internet traffic to the SIG service. Additionally, this could also be achieved via a policy for more granular options. 

Backhauling Internet-bound traffic from branches to a datacenter to consume traditional security services is expensive and adds latency. Many organizations are improving their network infrastructure by adopting SD-WAN and enabling Direct Internet Access (DIA). With the Zscaler and SD-WAN integration, you can rapidly gain access to cloud-delivered security in minutes. 

Explore more in the Cisco SD-WAN and Zscaler integration self-guided lab.

Technologies