Need help creating an IPSEC Policy IKEv2 that follows the following suggestions

Question

I've been working on this all weekend and I can't seem to come up with a working IPSEC Tunnel. 
 
 I'm trying to set up an IPSEC IKEv2 Tunnel to Zscaler for purpose of testing. I'm trying to follow Zscaler's IPSEC recommendations, but I'm doing something wrong. So my first ask is: 
 Using the link here --> https://help.zscaler.com/zia/configuring-ipsec-vpn-tunnel , I'm trying to set up the IPSEC policy for using IKEv2 as per this article --> https://help.zscaler.com/zia/configuring-ipsec-vpn-tunnel 
 
 Problem is I don't know if I'm setting this right or not as per the article above. I've created several iterations of this and I always seem to get the yellow warning sign when I'm trying to match DFH 2 & 14 to AES 256 with SHA 256... Anyone care to create a policy as per the Zscaler document and post it for me to follow? 
 I'm using 17.MR9 XG

FormerMember · Accepted Answer

Hi tai1spin, 
 I just tried to create the IPsec policy as per the zscaler document and I was able to save the policy. 
 The yellow warning sign indicates that policy parameters selected are not considered secure. There is no issue with the policy configuration, it is DH group 2 and 3DES are not considered as secure. 
 Thanks,