Reconfigure IPSec Tunnels in ePO Cloud
If you have configured IPSec tunnels in ePO Cloud (https://manage.trellix.com):
- Sign in to ePO Cloud.
- Go to Web Protection > Authentication Settings > IPsec Site-to-Site Settings.
- For each enabled IPSec tunnel, gather the Name, External IP, Local Network, and Pre-shared key.
- If Authentication is enabled for any of the tunnels, gather the SAML authentication information.
- Sign in to Skyhigh Security Cloud (https://auth.ui.trellix.com).
- If you used SAML authentication for any tunnels:
  - For each SAML Configuration, go to Configuration > Infrastructure > Web Gateway Setup > Setup SAML > New SAML.
  - Configure each IdP to match the settings in ePO Cloud.
- Go to Configuration > Infrastructure > Web Gateway Setup > Configure Locations > New Location.
- Create a matching Location for each tunnel that was configured and enabled in ePO Cloud.
  - Enter the Name of the tunnel copied from ePO Cloud.
  - If SAML was configured for the tunnel, select the appropriate SAML configuration.
  - Select the Log Data Residency for the tunnel.
  - Define the IPSec Mapping to match the ePO Cloud settings for the tunnel:
    - Client ID Type. Select Use Client Address. (Other options are now available, but originally ePO Cloud only allowed this Client ID Type.)
    - Enter the Client Address from ePO Cloud.
    - Enter the Pre-shared Key from ePO Cloud.
    - Enter the subnet to protect from ePO Cloud. (Multiple disjoint subnets are supported, but originally ePO Cloud only allowed a single subnet per tunnel.)
  - Click Save.
- Reconfigure your tunnel endpoints to point to these locally resolved addresses:
  - 1.network.c<customerid>.wgcs.skyhigh.cloud
  - 2.network.c<customerid>.wgcs.skyhigh.cloud (if you have a secondary)
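
A pre-entry check of the values gathered from ePO Cloud, as an added example that is not part of the original procedure or any vendor tooling. The record field names, the 20-character key floor, and the treatment of a repeated Client Address or overlapping subnets as problems are assumptions made here.

```python
import ipaddress

MIN_PSK_LEN = 20  # assumption: local policy floor, not a vendor requirement
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def endpoint_hosts(customer_id, secondary=False):
    """Tunnel endpoint names, following the pattern given in the last step."""
    return [f"{i}.network.c{customer_id}.wgcs.skyhigh.cloud"
            for i in range(1, 3 if secondary else 2)]

def check_tunnels(tunnels):
    """Return (tunnel name, problem) pairs; an empty list means nothing was flagged."""
    problems, seen_ips, nets = [], {}, []
    for t in tunnels:
        name = t["name"]
        try:
            ip = ipaddress.ip_address(t["external_ip"])
        except ValueError:
            problems.append((name, "external IP does not parse"))
        else:
            if any(ip in n for n in RFC1918):
                problems.append((name, "external IP is an RFC 1918 address"))
            if ip in seen_ips:  # assumption: one Client Address maps to one Location
                problems.append((name, f"external IP already used by {seen_ips[ip]}"))
            seen_ips.setdefault(ip, name)
        try:
            net = ipaddress.ip_network(t["local_network"])  # strict: rejects host bits
        except ValueError:
            problems.append((name, "local network is not a valid CIDR"))
        else:
            for other_name, other in nets:
                if net.version == other.version and net.overlaps(other):
                    problems.append((name, f"local network overlaps {other_name}"))
            nets.append((name, net))
        # The key itself is never echoed into a message.
        if len(t["psk"]) < MIN_PSK_LEN:
            problems.append((name, "pre-shared key shorter than policy minimum"))
        if t.get("saml") and not t.get("saml_config"):
            problems.append((name, "authentication enabled, no SAML configuration noted"))
    return problems

# Constructed inventory: documentation-range addresses and made-up keys.
SAMPLE = [
    {"name": "hq", "external_ip": "203.0.113.10", "local_network": "10.10.0.0/16",
     "psk": "constructed-psk-value-0001", "saml": True, "saml_config": "corp-idp"},
    {"name": "branch", "external_ip": "203.0.113.10", "local_network": "10.10.4.0/24",
     "psk": "short", "saml": True},
]

if __name__ == "__main__":
    for name, problem in check_tunnels(SAMPLE):
        print(f"{name}: {problem}")
```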