Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Implementation
How does SaaS Express impact PBR, DPS, and other policies?
When the SaaS traffic is traversing the Branch Gateways, the following components decide the path:
- Security: Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. policies leverage the applications defined by SaaS Express.
- Policy Based Routing (PBR Policy-based Routing. PBR provides a flexible mechanism for forwarding data packets based on polices configured by a network administrator.): PBR influences the paths or next-hops that will be available for the application.
- Routing: Defines a set of best routes (or default-gateways).
- WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Policies: (DPS and SaaS Express) Pick the best routes provided by PBR or routing.
When the control-plane traffic is traversing, the following components decide the path:
- Probes: Sent to the SaaS front doors to measure quality through every ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet..
- DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. traffic: DNS traffic is snooped to learn the destination IP addresses associated with each domain.
- DNS requests: DNS requests to SaaS domains are proxied to the servers learned from each ISP.
Where are the Microsoft 365 URLs and IP address ranges listed?
Microsoft 365 provides an API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. to help SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. vendors classify their IP Addresses and FQDNs. By probing aka.ms/IPURLWS, the SD-WAN learns what IPs/FQDNs are being used by the different applications in Microsoft 365. For more information, see Office 365 URLs and IP Address Ranges.
How does SaaS Express work in conjunction with Cloud Security or Cloud Connect integrations?
SaaS Express optimizes traffic taking the direct path out of the Branch Gateway, which means that the optimization does not apply to traffic tunneled through a SASE provider. The application_saas application groups are automatically created when defining the SaaS Express applications to facilitate adding exceptions to the PBR policies that would otherwise tunnel all Internet traffic through a cloud security provider.
Does the WebCC classifications and reputation score apply to SaaS Express applications?
WebCC and SaaS Express are orthogonal, where WebCC or Reputation is a security construct and SaaS Express is focused on optimization. They are therefore unrelated.
Can I use SaaS Express for my homegrown SaaS application hosted on a public cloud?
Yes, SaaS Express allows defining custom applications. You can define your application on the configuration page under Global > Applications > SaaS Express > Config.
How do I configure the firewall policy for SaaS Express applications?
In the same way like how the application_saas application groups are leveraged when configuring routing ACLs Access Control List. ACL is a common way of restricting certain types of traffic on a physical port., these can also be used in session-based ACLs to define security policies.
Can I use SaaS Express at the headend gateway?
No, SaaS Express is only available for Branch Gateways.