

IP Addresses for Cloud SWG-Integrated Services

WSS Agent: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address.

Tunnel Mode: Nearest data center selection is performed automatically by the agent based on the geo-location of the end user's public egress IP address.

This hostname automatically resolves to the nearest Cloud SWG data center based on the geo-location of the client's DNS resolver.

Best Practices based on Connection Type (Access Method)

IPsec: For fault tolerance, fixed site backup connections should have IPsec tunnels to a physically separate compute region relative to your primary site, as well as:

- Only IPsec connections should redirect traffic to an IP address. All other connections should use Cloud SWG data center hostnames.
- IPsec connections are only accepted by the IPsec specific ingress IP addresses in the table below.
- IPsec configurations should have dead peer detection (DPD) enabled and a tunnel monitor (i.e., IPSLA) configured.
- IPsec phase 1 lifetime should be 24 hours, and phase 2 lifetime should be four hours.
- IKEv2 FQDN phase 2 lifetime should be 50 minutes.
- Explicit over IPsec: Explicit traffic redirection within an IPsec tunnel to Cloud SWG should always point to ep.:80.
- IPsec backup tunnels should never point to the same "compute POP" (data center) that the primary tunnel is going to.
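An added example, not part of the original page or any vendor tooling: a small Python audit that checks a constructed tunnel inventory against the IPsec best practices listed above. The `Tunnel` record, finding codes, site and POP names and addresses are hypothetical, and the code assumes the 50-minute phase 2 value applies to IKEv2 FQDN tunnels while other IPsec tunnels use four hours.

```python
import ipaddress
from dataclasses import dataclass
HOUR = 3600

@dataclass
class Tunnel:  # hypothetical inventory record, not a Cloud SWG or vendor schema
    name: str
    site: str              # fixed site the connection belongs to
    method: str            # "ipsec" or any other access method
    target: str            # IP address or hostname traffic is redirected to
    pop: str = ""          # data center ("compute POP") the tunnel terminates in
    role: str = "primary"  # "primary" or "backup"
    ikev2_fqdn: bool = False
    phase1_s: int = 0
    phase2_s: int = 0
    dpd: bool = False
    monitor: bool = False  # tunnel monitor such as IP SLA

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(tunnels):
    """Return (tunnel name, finding code) pairs for each deviation."""
    primary = {(t.site, t.pop) for t in tunnels if t.method == "ipsec" and t.role == "primary"}
    out = []
    for t in tunnels:
        if t.method != "ipsec":
            if is_ip(t.target):  # only IPsec may redirect to an IP address
                out.append((t.name, "IP_TARGET_ON_NON_IPSEC"))
            continue
        # Assumption: IKEv2 FQDN tunnels take the 50-minute phase 2 value, others 4 hours.
        want_p2 = 50 * 60 if t.ikev2_fqdn else 4 * HOUR
        same_pop = t.role == "backup" and (t.site, t.pop) in primary
        checks = [(t.phase1_s == 24 * HOUR, "PHASE1_LIFETIME"),
                  (t.phase2_s == want_p2, "PHASE2_LIFETIME"),
                  (t.dpd, "DPD_DISABLED"),
                  (t.monitor, "NO_TUNNEL_MONITOR"),
                  (not same_pop, "BACKUP_SAME_POP")]
        out += [(t.name, code) for ok, code in checks if not ok]
    return out

SAMPLE = [  # constructed inventory: documentation-range IPs, made-up site and POP names
    Tunnel("site1-primary", "site1", "ipsec", "192.0.2.10", "pop-a", "primary", False, 24 * HOUR, 4 * HOUR, True, True),
    Tunnel("site1-backup", "site1", "ipsec", "192.0.2.11", "pop-a", "backup", False, 24 * HOUR, HOUR, True, False),
    Tunnel("site2-primary", "site2", "ipsec", "198.51.100.5", "pop-b", "primary", True, 24 * HOUR, 50 * 60, False, True),
    Tunnel("branch-proxy", "branch", "explicit", "203.0.113.7"),
]
```

Calling `audit(SAMPLE)` flags the backup tunnel that shares a POP with its site's primary, the wrong phase 2 lifetime, the missing DPD and tunnel monitor, and the non-IPsec connection that targets an IP address instead of a hostname.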
