印刷

VeloCloud SD-WAN Symantec - Configuration Guide - Symantec WSS PoP to PoP Integration 印刷

Symantec WSS PoP to PoP Integration

Starting with the 6.1.0 release, VeloCloud SD-WAN introduces the Symantec Web Security Service (WSS) PoP to PoP integration, which supports pre-provisioned Geneve tunnels from VeloCloud Gateways (VCG) to Symantec WSS Gateways in GCP. With pre-provisioned Geneve tunnels, SD-WAN customers who have a Symantec SSE subscription need not configure and setup IPsec tunnels from the Edge or Gateway for their tenant. They can use the pre-provisioned connectivity between VeloCloud Gateway to WSS to carry their network traffic. This is inspected by Symantec SSE via a Business Policy.

Only an Operator user can activate this feature by navigating to Gateway Management > Gateways . For more information, see the topic Configure Gateways in the Arista VeloCloud SD-WAN Operator Guide.

To perform Symantec WSS PoP to PoP Integration, follow the below workflow:

See Configure SSE for Symantec for information on configuring SSE Subscription and SSE Integration for Symantec.

After you have created the SSE Symantec integration using PoP to PoP, you can view the deployment status on the Security Service Edge (SSE) Automated Configuration screen, by clicking the View link in the Tunnel Deployment Status column.
Figure 1. Tunnel Deployment Status
  1. Create a Business Policy
    1. Navigate to Configure > Profiles > Business Policy .
    2. Click Add.
      The following window appears:
      Figure 2. Add Rule - Match tab
    3. Enter the Rule Name and select the IP Version as IPv4.
      Note: For Symantec WSS integration, only IPv4 is supported.
    4. Under the Match tab, select Destination as Internet.
    5. Under the Action tab, select the Network Service as Internet Backhaul > Symantec WSS Gateway .
      Figure 3. Add Rule - Action tab
    6. On selecting Symantec WSS Gateway, the field Symantec WSS Integration appears. The drop-down menu lists the SSE integrations configured for WSS. Select an SSE integration to use.
    7. Configure all the other fields, and then click Create. For more information on these fields, see the topic Create Business Policy Rule in the Arista VeloCloud SD-WAN Administration Guide.
      Note:
      • For Symantec WSS integration, the business policy can only be configured at Profile level and not Edge level.
      • Ensure that Cloud VPN is activated for the selected Profile.
  2. Monitor SSE Integration
    1. Navigate to Monitor > Security Service Edge , to monitor the Symantec WSS PoP integration status.
      Figure 4. Monitor SSE Integration
    2. Expand the integration name to view the following details:
      • Number of connected Gateways
      • WSS Endpoint details
      • Number of Profiles using this integration
      • Number of locations associated
      • Last updated date
..