Assigning Cloud Breakout Settings to Sites
You use the Assign Cloud Breakout Settings to Sites page to assign cloud breakout settings to one or more sites. You assign cloud breakout settings to one or more sites to provision tunnels from the sites to the cloud breakout node. For breakout traffic from the site, the cloud breakout profile must be referenced in an SD-WAN policy intent.
If you want a site to have cloud breakout enabled, you must assign cloud breakout settings for that site.
A site can have only one cloud breakout setting associated with it at any given time.
Sites with SD-WAN Essentials service do not support cloud breakout profiles.
To assign one or more sites to a cloud breakout profile:
- Select Configuration > SD-WAN > Breakout Profiles.
The Breakout Profiles page appears.
- On the Cloud Breakout Settings tab, select
a cloud breakout profile and click Assign Sites.
The Assign Cloud Breakout Settings to Sites page appears displaying the name of the cloud breakout setting and the existing sites to which you can assign the setting. All SD-WAN sites that have local breakout enabled will be displayed in the Available sites column.
- In the Sites field, select one or more sites in the Available
column and click the right arrow icon to move the selected sites to
the Selected column. You can also use the search icon on the top right
of each column to search for sites names.
Alternatively, if you want to remove sites that you previously selected for assignment, select one or more sites in the Selected column and click the left arrow icon to move the selected sites back to the Available column.
You must select at least one site before proceeding.
- Click Next.
The Edit Site Tunnels tab is displayed.
- Review the configuration and modify the settings, if needed.
For IPsec Tunnels, ensure that the format for the FQDN is as follows:
Site-name.primary_link.primary_gateway.1@Customer-Domain-Name for the primary gateway primary link
Site-name.backup_link.primary_gateway.1@Customer-Domain-Name for the primary gateway backup link
Site-name.primary_link.backup_gateway.1@Customer-Domain-Name for the secondary gateway primary link
Site-name.backup_link.backup_gateway.1@Customer-Domain-Name for the secondary gateway backup link
Where Site-Name is the name of the site (in CSO) for which the breakout is configured and Customer-Domain-Name is the name of the customer domain (in CSO) that you added while onboarding the tenant (Administration Portal > Tenants > Add Tenant > Tenant Properties > Cloud Breakout Settings).
For GRE tunnels, ensure that the primary and secondary gateway internal IP prefix is same as provided by the Zscaler.
- Select the local links (WAN links) to create the tunnel.
- Select the link mode as Active-Active or Active-Backup. The primary link is always set to active mode and is used to send the traffic. If secondary link is set to active, the CPE device will load balance the traffic on both primary and secondary links. If the secondary link is set to backup, then secondary link will not be used to send traffic unless the primary link fails.
- Click OK.
A Job is created and you are returned to the Breakout Profiles page (Cloud Breakout Settings tab). After successful completion of the job, the names of the sites to which the settings are assigned are displayed in the Sites column.