Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Reconfigure IPSec Tunnels in ePO Cloud

If you have configured IPSec tunnels in ePO Cloud (

  1. Sign in to ePO Cloud.
  2. Go to Web Protection > Authentication Settings > IPsec Site-to-Site Settings.
  3. For each enabled IPSec tunnel, gather the Name, External IP, Local Network, and Pre-shared key.
  4. If Authentication is enabled for any of the tunnels, gather the SAML authentication information.
  5. Sign in to Skyhigh Security Cloud (
  6. If you used SAML authentication for any tunnels:
    • For each SAML Configuration, go to Configuration > Infrastructure > Web Gateway Setup > Setup SAML > New SAML
    • Configure each IdP to match the settings in ePO Cloud.
  7. Go to Configuration > Infrastructure > Web Gateway Setup > Configure Locations > New Location
  8. Create a matching Location for each tunnel that was configured and enabled in ePO Cloud.
    • Enter the Name of the tunnel copied from ePO Cloud.
    • If SAML was configured for the tunnel, select the appropriate SAML configuration
    • Select the Log Data Residency for the tunnel.
    • Define the IPSec Mapping to match the ePO Cloud settings for the tunnel:
      • Client ID Type. Select Use Client Address. (Other options are now available, but originally ePO Cloud only allowed this Client ID Type.)
      • Enter the Client Address from ePO Cloud.
      • Enter the Pre-shared Key from ePO Cloud.
      • Enter the subnet to protect from ePO Cloud. (Multiple disjoint subnets are supported, but originally ePO Cloud only allowed a single subnet per tunnel.)
      • Click Save.
  9. Reconfigure your tunnel endpoints to point to these locally resolved addresses:
    •<customerid> (if you have a secondary)
  • Was this article helpful?