Implementation

How does SaaS Express impact PBR, DPS, and other policies?

When the SaaS traffic is traversing the Branch Gateways, the following components decide the path:

When the control-plane traffic is traversing, the following components decide the path:

Where are the Microsoft 365 URLs and IP address ranges listed?

Microsoft 365 provides an API to help SD-WAN vendors classify their IP addresses and FQDNs. By probing aka.ms/IPURLWS, the SD-WAN learns what IPs/FQDNs are being used by the different applications in Microsoft 365. For more information, see Office 365 URLs and IP Address Ranges.
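The following added example (not part of the original page and not the gateway's own implementation) shows how an administrator could review which FQDNs and prefixes such an endpoint list assigns to each application. It assumes the JSON field names of Microsoft's published endpoint web service (`serviceArea`, `category`, `urls`, `ips`); the sample data, hostnames, prefixes, and the function names `classify` and `match_app` are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the shape of the Microsoft 365 endpoint web service
# response. Hostnames and prefixes are documentation placeholders.
SAMPLE = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": True,
     "urls": ["mail.example.com"], "ips": ["192.0.2.0/25", "2001:db8:10::/48"],
     "tcpPorts": "80,443"},
    {"id": 2, "serviceArea": "Exchange", "category": "Allow", "required": True,
     "urls": ["*.mail.example.com"], "ips": ["192.0.2.128/25"], "tcpPorts": "443"},
    {"id": 3, "serviceArea": "SharePoint", "category": "Optimize", "required": True,
     "urls": ["*.files.example.com"], "ips": ["198.51.100.0/24", "not-a-prefix"],
     "tcpPorts": "443"},
    {"id": 4, "serviceArea": "Common", "category": "Default", "required": False,
     "urls": ["*.cdn.example.net"]},  # Default entries often carry no IP list
])


def classify(endpoints_json, categories=("Optimize", "Allow")):
    """Group FQDNs and validated prefixes by service area for the chosen categories."""
    apps = defaultdict(lambda: {"fqdns": set(), "prefixes": set(), "rejected": []})
    for entry in json.loads(endpoints_json):
        if entry.get("category") not in categories:
            continue  # skip categories that are not selected for review
        app = apps[entry["serviceArea"]]
        app["fqdns"].update(entry.get("urls", []))
        for raw in entry.get("ips", []):
            try:
                # strict=True rejects prefixes with host bits set
                app["prefixes"].add(ipaddress.ip_network(raw, strict=True))
            except ValueError:
                # keep malformed entries visible instead of silently dropping them
                app["rejected"].append((entry["id"], raw))
    return dict(apps)


def match_app(apps, address):
    """Return the service area whose prefixes contain the address, or None."""
    ip = ipaddress.ip_address(address)
    for name, app in apps.items():
        if any(ip.version == net.version and ip in net for net in app["prefixes"]):
            return name
    return None
```

Reviewing the `rejected` list and the per-application prefixes before they feed any routing or ACL exception shows exactly which destinations would be treated as SaaS traffic.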

How does SaaS Express work in conjunction with Cloud Security or Cloud Connect integrations?

SaaS Express optimizes traffic taking the direct path out of the Branch Gateway, which means that the optimization does not apply to traffic tunneled through a SASE provider. The application_saas application groups are automatically created when defining the SaaS Express applications to facilitate adding exceptions to the PBR policies that would otherwise tunnel all Internet traffic through a cloud security provider.

Do the WebCC classifications and reputation score apply to SaaS Express applications?

WebCC and SaaS Express are orthogonal: WebCC or Reputation is a security construct, whereas SaaS Express is focused on optimization. They are therefore unrelated.

Can I use SaaS Express for my homegrown SaaS application hosted on a public cloud?

Yes, SaaS Express allows defining custom applications. You can define your application on the configuration page under Global > Applications > SaaS Express > Config.

How do I configure the firewall policy for SaaS Express applications?

In the same way that the application_saas application groups are leveraged when configuring routing ACLs, they can also be used in session-based ACLs to define security policies.

Can I use SaaS Express at the headend gateway?

No, SaaS Express is only available for Branch Gateways.