Site Management

This is the management page for configuring SASE. Through Site Management, you can create Service Edges (ZTNA Gateway, Hub) in the Cloud and configure Branches to connect to Service Edges.

Site Types

Sites can be created as either Hub type or Branch type.

Hub Type

Hub type sites deploy Service Edge (ZTNA Gateway) and perform the following roles:

• Connection point for ZTNA Clients: ZTNA Clients access the network through Hub sites. A Hub type site is required to use ZTNA Clients.

• IPsec tunnel relay between Branch sites: Relays IPsec tunnels with Branch type sites to provide access to Branch networks.

• When there are multiple Hub sites, you can configure tunnels between Hub sites to implement high availability and regional distributed access.

Branch Type

The Branch type represents remote branch office networks and communicates with the central network and other Branches through Hub sites.

• Access through Hub: Branch sites are not direct connection targets for ZTNA Clients and are accessed via Hub sites.

• Selecting Parent Hub site: When creating a Branch, you can configure an IPsec tunnel by specifying a Parent Hub.

• Routing information for the Branch site network is delivered to the Hub, allowing ZTNA Client users to access resources in the Branch network through the Hub.

Site Connection Methods

• You can connect to the Hub by running IPsec on the ZTNA Gateway.

• Integration between dedicated IPsec devices (Cisco, Fortinet, etc.) and ZTNA Hub sites is possible.

• If direct routing between the Hub and Branch is possible, you can connect to the Hub via routing.

How to Configure a Site

1. Click System -> Site

2. Click Select Action -> Create

3. Enter basic information

   • Enter the Site Name to use

   • Set the type (Hub, Branch)

   • Configure the infrastructure (Cloud, On-Premises)

     • For Cloud, you must configure Cloud Provider, Region, and VPC ID.

     • Use a previously created Cloud Provider. If none exists, refer to How to create a Cloud Provider to create one.

     • Set the Region that matches the location.

     • Select the VPC ID to configure the site. When you select a VPC ID, the Network Address is automatically set to the VPC range.

     • For On-premises, set the IP range of the site to be created in Network Address.

   • Select options to be used per site. [ ZTNA-IPsec, ZTNA-Client, Routing, Collector, URL Filter ]

Site Options

The available site options are ZTNA-Client, ZTNA-IPsec, Routing, Collector, URL Filter.

• ZTNA-Client
• ZTNA-IPsec
• Collector