Configuration via Aware

To configure a Zscaler IPSec tunnel using Aware, navigate to Manage > Configuration and Import the current configuration file from the Active NCN. Click on the Advanced tab, expand Connections > [Site Name] > IPSec Tunnels and click the (+) icon.

Select Zscaler as the Service Type, select the Local IP address, fill in the Peer IP address of the Zscaler Enforcement Node (ZEN), enter the IKE Pre-Shared Key, and click Apply.

Note:

When you add an IPSec tunnel with a Service Type of Zscaler, the following default configurations are applied. They are not applied when the Service Type is LAN or Intranet.
  • Firewall – Adds a Deny policy from Default_LAN_Zone to Untrusted_Internet_Zone.
  • NAT – Deletes the default outbound PAT policy, if one exists.
  • Routing – Adds a 0.0.0.0/0 route over the Zscaler tunnel and a /32 host-route of the tunnel Peer IP to the gateway.
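The routing defaults above can be checked with a longest-prefix-match model: the /32 host route keeps traffic addressed to the tunnel peer on the gateway, so it does not follow the 0.0.0.0/0 route into the tunnel it is meant to establish. This is an added example, not code from the product or its documentation; the peer address, the next-hop labels and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the original page): a documentation-range
# peer address and hypothetical next-hop labels.
ZEN_PEER = "203.0.113.10"
TUNNEL = "zscaler-tunnel"
GATEWAY = "wan-gateway"


def lookup(routes, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def audit_zscaler_routes(routes, peer, tunnel):
    """Return findings for the two routing defaults described in the note."""
    findings = []
    has_default = any(
        ipaddress.ip_network(p).prefixlen == 0 and hop == tunnel
        for p, hop in routes
    )
    if not has_default:
        findings.append("no 0.0.0.0/0 route over the tunnel")
    peer_hop = lookup(routes, peer)
    if peer_hop is None:
        findings.append("tunnel peer is unreachable")
    elif peer_hop == tunnel:
        findings.append("tunnel peer resolves into the tunnel itself")
    return findings


# Routing state the Zscaler Service Type produces, per the note above.
WITH_DEFAULTS = [("0.0.0.0/0", TUNNEL), (f"{ZEN_PEER}/32", GATEWAY)]
# The same table with the /32 host route missing.
WITHOUT_HOST_ROUTE = [("0.0.0.0/0", TUNNEL)]

if __name__ == "__main__":
    for name, table in (("with defaults", WITH_DEFAULTS),
                        ("no host route", WITHOUT_HOST_ROUTE)):
        print(name, "->", audit_zscaler_routes(table, ZEN_PEER, TUNNEL) or "ok")
```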

Save the configuration and Export it to the Change Management inbox of the NCN. Follow the Change Management process to Stage and Activate the new configuration.