Print

VeloCloud SD-WAN Symantec - Configuration Guide - Security Service Edge (SSE) Print

Security Service Edge (SSE)

Starting from the 5.4.0 release, VeloCloud SD-WAN supports the Security Service Edge (SSE) feature. This feature allows VeloCloud SD-WAN to easily integrate with a third party SSE vendor using seamless automation through the Orchestrator. You can configure multiple SSE integrations with the same vendor.

Enterprise users can now configure Non SD-WAN Destinations via Edge and Cloud Subscription through the Security Service Edge (SSE) feature. For manual configuration of network services, see the VeloCloud SD-WAN Administration Guide - Configure Network Services.
Note: Currently, only Non SD-WAN Destination via Edge network service is supported.

To access the SSE feature, navigate to Configure > Security Service Edge (SSE) . By default, the SSE Integrations tab is displayed. Before creating an SSE Integration, you must first create an SSE Subscription.

For an Enterprise user, the Security Service Edge (SSE) feature is activated by default. This feature currently supports PAN Prisma and Symantec configurations.

For more information, please refer to the following topics:

If you wish to edit the existing SSE integration, select the SSE integration from the list on the Security Service Edge (SSE) screen, and then click Edit. You can also click the SSE integration name link to edit it.

To delete the SSE integration, select the SSE integration from the list, and then click Delete.
Note: You cannot delete SSE integrations that are currently used by Edges.

To monitor the automation status, click the View link in the Tunnel Deployment Status column. The following screen appears:

Figure 1. Tunnel Deployment Status
The actions createOrUpdateEdgeConfiguration and deleteEdgeConfiguration indicate the SSE automation to update the Orchestrator Edge Device settings. The other actions are for third party automations.
Note: You can also monitor the SSE deployment status on Monitor > Events and Monitor > Network Services > Non SD-WAN Destinations via Edge screens. For more information, see the VeloCloud SD-WAN Administration Guide - Monitor events and Monitor Network Services.
To verify whether the tunnels are up, go to Monitor > Edges , and hover the mouse under the Edge Tunnels column. You can view the details as shown below:
Figure 2. Edge Tunnels
After configuring the SSE subscription and integration:
  • Associate the Security Service Edge Subscription to an Edge. For more information, see the VeloCloud SD-WAN Administration Guide.
  • Direct the network traffic to a specific Enterprise Cloud. Navigate to Configure > Edges > Business Policy . Click + Add to add a new rule. For more information, see the VeloCloud SD-WAN Administration Guide - Create Business Policy Rule.
..