Skyhigh Security

Reconfigure IPSec Tunnels in ePO Cloud

If you have configured IPSec tunnels in ePO Cloud (manage.mcafee.com), recreate them in Skyhigh Security Cloud as follows:

  1. Sign in to ePO Cloud.
  2. Go to Web Protection > Authentication Settings > IPsec Site-to-Site Settings.
  3. For each enabled IPSec tunnel, gather the Name, External IP, Local Network, and Pre-shared key.
  4. If Authentication is enabled for any of the tunnels, gather the SAML authentication information.
  5. Sign in to Skyhigh Security Cloud (auth.ui.mcafee.com).
  6. If you used SAML authentication for any tunnels:
    • For each SAML Configuration, go to Configuration > Infrastructure > Web Gateway Setup > Setup SAML > New SAML.
    • Configure each IdP to match the settings in ePO Cloud.
  7. Go to Configuration > Infrastructure > Web Gateway Setup > Configure Locations > New Location.
  8. Create a matching Location for each tunnel that was configured and enabled in ePO Cloud.
    • Enter the Name of the tunnel copied from ePO Cloud.
    • If SAML was configured for the tunnel, select the appropriate SAML configuration.
    • Select the Log Data Residency for the tunnel.
    • Define the IPSec Mapping to match the ePO Cloud settings for the tunnel:
      • Client ID Type. Select Use Client Address. (Other options are now available, but originally ePO Cloud only allowed this Client ID Type.)
      • Enter the Client Address from ePO Cloud.
      • Enter the Pre-shared Key from ePO Cloud.
      • Enter the subnet to protect from ePO Cloud. (Multiple disjoint subnets are supported, but originally ePO Cloud only allowed a single subnet per tunnel.)
      • Click Save.
  9. Reconfigure your tunnel endpoints to point to these locally resolved addresses:
    • 1.network.c<customerid>.wgcs.skyhigh.cloud
    • 2.network.c<customerid>.wgcs.skyhigh.cloud (if you have a secondary)
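
Before entering the values gathered in steps 3 and 4 into the new Locations, the worksheet can be checked offline. The script below is an added example, not Skyhigh tooling: the record keys, the sample tunnels and the customer ID `12345` are constructed placeholders. It checks that the client address is a single IP address, that the subnets listed for a tunnel are valid and disjoint, that a pre-shared key was recorded (without ever printing it), and that tunnels with authentication enabled have a SAML configuration noted, then builds the step 9 hostnames.

```python
import ipaddress
from itertools import combinations

# Constructed sample worksheet; keys are this example's own names.
TUNNELS = [
    {"name": "hq", "client_address": "198.51.100.10", "psk": "example-only",
     "subnets": ["10.1.0.0/16", "10.2.0.0/16"], "auth": True, "saml": "corp-idp"},
    {"name": "branch", "client_address": "198.51.100.300", "psk": "",
     "subnets": ["10.3.0.0/16", "10.3.4.0/24"], "auth": True, "saml": None},
]

def check_tunnel(t):
    """Return the problems found in one tunnel record (empty list = ready)."""
    problems = []
    try:
        ipaddress.ip_address(t["client_address"])
    except ValueError:
        problems.append("client address is not a single IP address")
    nets = []
    for s in t["subnets"]:
        try:
            nets.append(ipaddress.ip_network(s))  # strict: host bits must be 0
        except ValueError:
            problems.append(f"subnet {s} is not a valid network")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):  # the Location expects disjoint subnets
            problems.append(f"subnets {a} and {b} overlap")
    if not t["psk"]:  # report presence only; never echo the key itself
        problems.append("pre-shared key missing")
    if t["auth"] and not t["saml"]:
        problems.append("authentication enabled but no SAML configuration noted")
    return problems

def endpoints(customer_id, secondary=False):
    """Build the step 9 hostnames; customer_id is a placeholder value."""
    count = 2 if secondary else 1
    return [f"{i}.network.c{customer_id}.wgcs.skyhigh.cloud"
            for i in range(1, count + 1)]

if __name__ == "__main__":
    for t in TUNNELS:
        issues = check_tunnel(t)
        print(t["name"], "ready" if not issues else issues)
    print(endpoints("12345", secondary=True))
```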