Connecting Sites to the Cloud
You can connect any location or site to Skyhigh Web Security Gateway Service by setting up a tunnel from a networking device or SD-WAN service to the cloud service.
If you are using a Software-Defined Wide Area Network (SD-WAN) to connect your sites, you can redirect web traffic to WGCS, where it is filtered according to your organization's web policy. SD-WAN combines traditional WAN technologies, such as MPLS and broadband connections, by abstracting them from hardware.
An SD-WAN solution enhances connectivity between sites and provides enhanced management and monitoring of network traffic.
IPsec versus GRE tunneling protocols
Traffic is routed from your location or site to WGCS through a tunnel using one of these protocols:
- Internet Protocol Security (IPsec) — IPsec is a secure network protocol suite that authenticates and encrypts packets of data, securing communications between computers over an Internet Protocol network. Unlike GRE, IPsec can only tunnel IP packets.
- Generic Routing Encapsulation (GRE) — GRE is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point or point-to-multipoint connections over an Internet Protocol network. GRE does not provide the authentication and encryption security features that IPsec provides.
Required configuration
To build an IPsec or GRE tunnel, you must configure:
- IPsec or GRE tunnel mapping in Secure Web Gateway configurations
- IPsec or GRE tunnel interfaces on your networking device or in your SD-WAN service
SD-WAN solutions
You can build tunnels from any standard SD-WAN solution to WGCS. The following SD-WAN solutions have been tested and validated with WGCS.
- Cisco
- Citrix
- Fortinet
- Silverpeak
- Versa
- VMware