IPsec Termination
Why Establish IPsec Tunnels with an SSE Service?
Integrating IPsec connectivity into the SSE enables organizations to extend cloud-delivered security services to branch networks, data centers, and devices without requiring a full client-based deployment. By anchoring both private and public application access to the same SSE fabric, traffic is evaluated against a common set of security and access policies, regardless of where it originates. This unifies policy enforcement across users and devices, and elevates the security capabilities of branch networks with advanced capabilities such as Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), sandboxing and other advanced security features delivered as a service.
IPsec integration into an SSE aligns closely with core SASE principles by reinforcing the following:
- Converged Networking and Security: IPsec provides a standards-based way to connect sites, clouds, and devices into the SSE fabric, allowing network connectivity and security enforcement to operate as a single, integrated service rather than separate stacks.
- Identity- and Policy-Driven Access: Traffic from IPsec tunnels terminated in the SSE fabric is evaluated with the same identity-aware and context-driven policies that govern user-based access. This ensures consistent enforcement regardless of user location or network attachment.
- Cloud-Delivered Security Everywhere: SASE emphasizes delivering security capabilities from the cloud to augment those of on-prem appliances. IPsec extends SSE protections such as CASB, sandboxing, and content inspection to branch and site traffic without deploying or maintaining complex local infrastructure.
- Consistent Experience for Users and Devices: Whether access originates from a roaming user, a branch office, or a cloud workload, traffic follows the same security path and policy logic. This eliminates policy fragmentation and aligns with SASE’s goal of providing uniform security and access across all edges.
IPsec acts as an on-ramp into the SASE architecture, enabling non-user-based traffic to benefit from the same cloud-native, policy-driven security model that SSE provides for users.
