Azure Virtual WAN Integration Overview and Demo

Moving workloads to Microsoft’s Azure cloud is a popular choice for organizations. But like all data services, security is still required, and Zscaler is an approved Security As A Service (SecAAS) provider.

Connecting Zscaler and Azure can be handled via an encrypted IPsec connection. We’ve recently made this easier with the generally avaialble (GA) of our one-touch configuration to all customers. Leveraging Microsofts APIs we’ve been able to automate the setup of the IPsec connection between the Azure and Zscaler clouds. In this talk I’ll start by introducing you to concepts around:

  • Azure Virtual Hub replaces the use of third party virtual gateways
  • The differences between a Virtual Hub and a Secured Virtual Hub
  • Azure Firewall Manager operation
  • Prerequisits for Zscaler to connect to Azure via IPsec

From there I’ll demonstrate how this functionality can be configured, showing the end-to-end setup. You can learn more about Azure Virtual WAN here


Great video, thanks for sharing! Couple of questions.

Let’s say I configured the Gateway scale until to 500 Mbps on day 1. About a year later, I am now tapping the ceiling of that throughput. Can I go back into the secured virtual hub and change the gateway scale units or do I have to redeploy entirely? Also, from a resiliency perspective, how would the customer monitor to ensure they don’t run into limits? Or is our recommendation to just deploy the secured virtual hub with a crazy scale like 4gbps?

A customer wants to know, after tunnels has been created, can we change the role from contributor to something else, which has less privileges?

If they do that, they will not be able to make any future changes to the tunnel. like deleting it.
If they want to reduce the scope of the role, just assign it to the relevant Resource Group, so it can not make change to anything else on Azure.

@mjasyal can you answer my questions above?

I am not sure if the hub can be reconfigured to higher bandwidth. I’ll have to check.

When you are spinning up the secure wan hub, you can select other options beyond 500Mbps. Is that a static value only? You’d think they could change it.