SaaS Apps

SAAS breakout

SAAS apps can be configured via the SAAS apps page. This is a selection from the nDPI apps. The user is given the flexibility to determine which app can be trusted or not. Once configured any application designated as a SAAS app, when detected is sent via the SAAS breakout gateway.

Internet breakout and SAAS breakout can share the same interfaces. SAAS breakout can be created only using interfaces designated as WAN.

*Please note nDPI detection can happen for the first packet or later in the flow, but deciding a gateway or interface can happen only if the application determination can be made from the first packet. As nDPI is only for internet applications maintaining the flow is very important so as to not break the NAT connections. First packet application detection can only have from an IP database. For example a TLS application flow can be detected after about 11 packets. So here packet redirection will not work even though the app was detected later on.

Deployment Methods

Local Internet breakout in a standalone deployment

loadbalancer

Local Internet breakout with Shared WAN Interfaces for Branch Traffic to DC / Branch

loadbalancer

Separate WAN Interfaces for Internet and Tunnel Traffic

loadbalancer

Internet breakout via DC, with local SAAS Breakout on shared WAN interfaces

loadbalancer

Internet breakout via DC, with local SAAS Breakout on separate WAN interfaces

loadbalancer

Configuration Parameters

Add a Load Balancer gateway

loadbalancer

Edit a Load Balancer gateway

loadbalancer

View the branch subnets configured for a single branch

loadbalancer

View the Load Balancer gateways

loadbalancer

Configure the Load Balancer

loadbalancer

Spillover or Dynamic Rebalancing Configuration

loadbalancer

Configure SAAS apps

loadbalancer

Tunnel Breakout Configuration

loadbalancer

Advanced

For troubleshooting purposes, when failures or routing updates are not being acted upon, the Load Balancer link monitor can be restarted. Please note that this operation will result in a momentary loss of branch and internet connecitivity from the LAN. This is an alternative to rebooting the Edge Controller itself

loadbalancer

Use Cases:

To classify and steer traffic over dedicated links.

Known Limitations:

Editing the remote LAN is not supported
The number of gateways supported depends on the underlying hardware

zWAN as a Solution

zTC as a Solution

Secure Endpoint Solutions

Zero Trust Network

Network Infrastructure

Network Storage

SaaS Apps

SnapOS

SnapOS

Getting Started

Session Connections

Peripheral & Application Management

Security & Certificates

System Administration & Updates

Diagnostics & Recovery

Support & Resources

zMAN

Overview & Architecture

Installation & Setup

Onboarding

Analytics & Monitoring

Device Management & Dashboard

Firmware & Repository Management

Profiles & Settings Management

Support & Resources

zDM Integration & Provisioning

Solutions

Voice-Over-IP/Video Conferencing

Validation and Test Cases

Proof of Concept Test Cases

zTC

Diagnostics & Recovery

Getting Started

Peripheral & Application Management

Security & Certificates

Session Connections

Support & Resources

System Administration & Updates

zWAN

Deployment

Getting Started

Introduction

Configuration

Installation Guides

POC Evaluation

Director

Device Management

Edge Controllers

Analytics

System

Backup and Restore

Network

Analytics

Reporting

Alerting

User Management

Edge Controllers

z25

Troubleshooting

z40

Device Management

z50

Troubleshooting

Frequently Asked Questions

zAccess

Endpoint Sessions

Event Logs

Gateway Devices

Network Configuration

Policy Configuration

StorTrends

Best Practice Guides

Configuration Guides

SaaS Apps

SAAS breakout

Deployment Methods

Local Internet breakout in a standalone deployment

Local Internet breakout with Shared WAN Interfaces for Branch Traffic to DC / Branch

Separate WAN Interfaces for Internet and Tunnel Traffic

Internet breakout via DC, with local SAAS Breakout on shared WAN interfaces