Netskope API integration with Aruba EdgeConnect SD-WAN
This integration enables you to automatically configure tunnels from Aruba EdgeConnect SD-WAN routers to Netskope’s security service edge (SSE). Aruba’s SD-WAN will build tunnels to the closest primary and secondary Netskope POP with the ease that you would expect from Aruba SD-WAN Orchestration.
SSE defines the set of security services that help deliver on the security vision of SASE. These security services include firewall-as-a-service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA) and related security functions such as remote browser isolation (RBI), data loss prevention (DLP) and cloud & SaaS security posture management (CSPM/SSPM).
Netskope tenant with API tunnels enabled
Aruba SDWAN Orchestrator running >9.3
Generate API token
Traffic Steering / Business Intent Overlays
As of writing this document, you will need to contact your sales team to have the automatic tunnels API enabled.
Generate API token
In your Netskope tenant go to Settings > Tools > REST API v2 > New Token
Add permission scopes to the token. You may not need both IPSec and GRE depending on your deployment.
@Gary-Jenkins - Great article. Is this for converging Aruba SD-WAN with Netskope SSE for delivering SASE architecture? Also a suggestion, if you could give some detailed background regarding this integration and what it delivers at the end would be great.
Thanks for the feedback, I will add it this week. To answer your question, Yes, this is part of a SASE architecture. Say you have 1,000 Aruba Edge Connect routers deployed and you wanted to add Netskope NGSWG/CASB. This workflow will allow you to automatically add the IPSec tunnels from your routers to Netskope without having to figure out closest NS pop and without dealing with configuring all of the IPSec tunnels.