Skyhigh Security WSGS authenticates the traffic that it receives through an IPsec tunnel configured from any site or location.
NOTE: IP addresses are supported in IPv4 format. Specify IP address ranges using CIDR notation with a network size range of 8–32 bits.
- On the Skyhigh CASB navigation bar, click the Settings icon.
- Select Infrastructure > Web Gateway Setup.
- Click New Location, then provide a name for the location.
- Select IPsec Mapping, select an option from the Client ID Type drop-down list, then configure your identity settings:
- Use Client Address — Provide an IP address or domain name for the Client Address.
- Use Fully Qualified Domain Name — Provide the FQDN for the Client ID and an IP address or domain name for the Client Address.
- Use specific IPv4 Address — Provide an IPv4 address for the Client ID and an IP address or domain name for the Client Address.
- Use a User FQDN — Provide the FQDN for the user, such as an email address, in the Client ID field and an IP address or domain name for the Client Address.
- In the Pre-Shared Key field, provide a key value that you define. Skyhigh Security WSGS uses this value to authenticate web traffic received through the IPsec tunnel.
- In the Subnet field, specify your network's internal IP addresses. Optionally add a comment, then click the + icon to add another subnet to the list.
- Click Save.
The named location is saved with IPsec mapping configured.
You can publish saved changes to the cloud now or keep working and publish later.