Zscaler Internet Access CloudBlade Version 2.0.0
This section includes new features, caveats/limitations,
and downgrade considerations.
New/Updated Features
Starting with release
version 2.0.0, the Zscaler CloudBlade supports both IPSec and GRE
tunnels. Zscaler Internet Access (ZIA) has launched APIs that can
be used to build GRE tunnels to Zscaler nodes from branches that
require high throughput. Each GRE tunnel can have up to 1 Gbps bandwidth.
The AUTO-zscaler-GRE tag
is added to a site and circuit to create the GRE tunnels. The site
tag is extended for sub-location, custom endpoint, and other options,
while the circuit tag is a static tag. A single interface on the
device supports both the IPSec tunnels (AUTO-zscaler tag) and GRE
tunnels (AUTO-zscaler-GRE tag). If a circuit is tagged with both
AUTO-zscaler and AUTO-zscaler-GRE tags on an interface, then both
IPSec and GRE tunnels are established to the specific ZEN Nodes.
Changes to Default Behavior
When you roll
back the Zscaler Internet Access CloudBlade from 2.0.0 version to
1.4.1 or 1.3.1, remove the GRE tag at the site and circuit levels.
Ensure the GRE ServiceLinks are deleted as GRE is not supported
in lower versions of the CloudBlade.
Caveats/Limitations
The following caveats
are observed with the Zscaler Internet Access CloudBlade:
If
one or more IPs used in Custom Endpoints is not part of the ranked
list (closest data centers), the tunnels will not be established.
The Zscaler-requery-GRE-IPs tag must
be used on the site in order to update the GRE tunnels to the latest
available closest data centers.
