SASE Architecture: Cisco Viptela SD-WAN With Netskope (SSE) Lab

62 Launches
Solution Overview

The Cisco SD-WAN Integration Lab Series is a capability of the Advanced Technology Center (ATC) designed to give customers an environment to gain hands-on experience to evaluate new and emerging cloud and infrastructure solutions. The lab provides the same Netskope security capabilities seen in production and virtual SD-WAN devices to provide an experience as close to a real deployment as possible.

Secure Access Service Edge (SASE) is becoming extremely popular due to its ability to secure, optimize and simplify a cloud-first architecture. This lab is meant to show that Netskope can easily be integrated with Cisco SD-WAN to secure direct internet access (DIA) from the branch as well as provide a Zero Trust Network Architecture (ZTNA) to remote users.  

In this environment you will gain a working knowledge of the following SASE components:

  • Secure Automated WAN
  • VPNaaS
  • Secure Direct Internet Access
  • Zero Trust Network Access
  • Secure Web Gateway
  • Data Loss Prevention

Goals & Objectives

This lab aims to demonstrate how fast and effective it can be to implement Netskope Security Service Edge (SSE) as part of your security stack. This lab should demonstrate how, in combination with Cisco SD-WAN, Netskope SSE can secure your branch internet access and secure your remote workforce.  

For Cisco SD-WAN, you will learn:

  • Setting up tunnels to the Netskope cloud with the SIG feature template.
  • Routing internet-bound traffic to SIG tunnels.
  • Using a data policy to direct specific traffic to SIG tunnels.
  • Monitoring tunnels using the CLI and vManage GUI.

For Netskope, you will learn:

  • Setting up users and network locations.
  • Creating a tunnel configuration and choosing POPs.
  • Creating Secure Web Gateway rules.
  • Creating Data Loss Prevention rules.
  • Creating a Netskope Publisher and how it works with ZTNA.
  • Steering traffic using client templates.

Hardware & Software


  • Netskope Cloud-Delivered Management Interface
  • 2x Netskope Publisher

Cisco SD-WAN

  • 1x Cisco vManage (
  • 1x Cisco vBond (20.6.2)
  • 1x Cisco vSmart (20.6.2)
  • 2x Cisco 8000v (17.6.2)
  • 1x Cisco vEdge Cloud (20.6.2)