To configure an Azure Virtual WAN (VWAN) location:

You must complete the procedure for Configuring a Microsoft Azure Virtual WAN Integration before you can sync and configure tunnels for your Azure hubs.

1. Go to Administration > Location Management.

If you clicked on the hub sites hyperlink within the Administration > Partner Integrations > Azure Virtual WAN tab, you are automatically redirected to this page.

2. Click the Azure Virtual WAN Locations tab.

All newly synced Azure hubs have their tunnel configuration listed as Not Configured.

See image.

The date and time of the Last Sync and Last Refresh is always displayed in the upper-right corner next to the search field. If you are not seeing your synced hub locations, click Sync to manually re-sync the information or click Refresh to update the tunnel configuration information.

See image.

3. Within the table, find the Azure hub location you want to configure an IPSec tunnel for and click the Edit icon.

The Edit Azure Hub window appears.

4. In the Edit Azure Hub window, click Start Configuration. Zscaler will immediately begin to set up IPSec tunnel configuration objects for the selected Azure hub.

See image.

When you start the configuration the status changes to In Progress. During this time, the Zscaler service will:

1. Check with Azure to obtain hub configuration information.
2. Find the closest Zscaler data center (DC) and configure the hub to create an outbound tunnel to that DC.
3. Fetch the IPSec pre-shared key for the VPN site from the hub.
4. Provision the hub's IP address for the proper Zscaler cloud and organization.
5. Create the VPN credentials using the IPSec pre-shared key associated to the VPN site and the hub's IP address.
6. Create a new Zscaler location for the hub and associate the VPN credentials to it.

5. Click Done.

After the configuration completes, the Tunnel Status changes to Configured and the IP Address displays the relevant information for that IP. However, VPN Connection will remain unlisted, or is set as unknown, at this time.

6. Activate the change.

The VPN Connection column displays the primary tunnel status for the configured Azure hub locations.

You can view all Azure hub locations from this tab under the Locations tab. The Locations page allows you apply Zscaler service features, such as enforcing authentication, enabling SSL Inspection, etc. to any locations associated to the hubs.