Assigning Cloud Breakout Settings to Sites

You use the Assign Cloud Breakout Settings to Sites page to assign cloud breakout settings to one or more sites. You assign cloud breakout settings to one or more sites to provision tunnels from the sites to the cloud breakout node. For breakout traffic from the site, the cloud breakout profile must be referenced in an SD-WAN policy intent.

Procedure

1. Select Configuration > SD-WAN > Breakout Profiles.

   The Breakout Profiles page appears.

2. On the Cloud Breakout Settings tab, select a cloud breakout profile and click Assign Sites.

   The Assign Cloud Breakout Settings to Sites page appears displaying the name of the cloud breakout setting and the existing sites to which you can assign the setting. All SD-WAN sites that have local breakout enabled will be displayed in the Available sites column.

3. In the Sites field, select one or more sites in the Available column and click the right arrow icon to move the selected sites to the Selected column. You can also use the search icon on the top right of each column to search for sites names.

   Alternatively, if you want to remove sites that you previously selected for assignment, select one or more sites in the Selected column and click the left arrow icon to move the selected sites back to the Available column.

   Note You must select at least one site before proceeding.

4. Click Next.

   The Edit Site Tunnels tab is displayed.

5. Review the configuration and modify the settings, if needed.

   • For IPsec Tunnels, ensure that the format for the FQDN is as follows:

     • Site-name.primary_link.primary_gateway.1@Customer-Domain-Name for the primary gateway primary link

     • Site-name.backup_link.primary_gateway.1@Customer-Domain-Name for the primary gateway backup link

     • Site-name.primary_link.backup_gateway.1@Customer-Domain-Name for the secondary gateway primary link

     • Site-name.backup_link.backup_gateway.1@Customer-Domain-Name for the secondary gateway backup link

     Where Site-Name is the name of the site (in CSO) for which the breakout is configured and Customer-Domain-Name is the name of the customer domain (in CSO) that you added while onboarding the tenant (Administration Portal > Tenants > Add Tenant > Tenant Properties > Cloud Breakout Settings).

   • For GRE tunnels, ensure that the primary and secondary gateway internal IP prefix is same as provided by the Zscaler.

6. Select the local links (WAN links) to create the tunnel.
7. Select the link mode as Active-Active or Active-Backup. The primary link is always set to active mode and is used to send the traffic. If secondary link is set to active, the CPE device will load balance the traffic on both primary and secondary links. If the secondary link is set to backup, then secondary link will not be used to send traffic unless the primary link fails.
8. Click OK.

   A Job is created and you are returned to the Breakout Profiles page (Cloud Breakout Settings tab). After successful completion of the job, the names of the sites to which the settings are assigned are displayed in the Sites column.

Related Documentation

• Breakout and Breakout Profiles Overview

• Detaching Cloud Breakout Settings from Sites