How to enable Cloud SWG localisation zones with IPSEC access method
Article ID: 378160
Updated On:
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
WSS Agent users can access localisation zones without issues e.g. users in Greece automatically egress with Greek registered IP addresses when connecting to Cloud SWG.
WSS Agent has the ability to send the user country into Cloud SWG so that proxy can make this decision.
With IPSEC, there is no VIP specific to the localisation zones published and no clear instructions on how users in Greece can egress with Greek IP addresses.
Is it possible to use localisation zones with IPSEC?
Environment
IPSEC access method.
Cloud SWG.
Localisation zone.
Cause
With IPSEC, localisation zones can be enabled by setting the Country field correctly within the Cloud SWG Portal location settings.
Resolution
For localisation zones to work with IPSEC tunnels, the following changes must be made:
- Bring up the tunnel to the INGRESS IP address of the POP hosting the localisation zone. Using Greece as an example, this is hosted in GROBU (Bucharest, Romania) and the IPSEC tunnel should be established to this site.
- Make sure that the Country setting for this IPSEC location is defined as the localisation country we want to use. In the Above example, we set this to be Greece as shown below:
- From a workstation behind the IPSEC tunnel, send a request into https://ifconfig.io for example and confirm that the egress IP address reported matches the localisation zone expected.
Feedback
Yes
No
Powered by
