Configuring the B01 Branch Office ip|engine
B01 is connected to the Data Center through one tunnel over the Internet. Another tunnel connects B01 to B02.
Identifying the ip|engine
After the B01 ip|engine with the 'SN123455' Serial Number (and its Model/Version information) has been automatically provisioned in the SD-WAN Orchestrator from the ZTP Server, as indicated via the sign, it appears under the 'Not Configured' tab of the Network -> Configuration window.
Proceed as follows to identify and further configure the ip|engine.
1. In the Network -> Configuration window, click to edit the ip|engine.
2. In the Deployment Mode panel, select the Router option and hit the icon to enable the related panels and functions of the interface.
3. In the General panel, enter the Name of the ip|engine as well as the name of the related Site (B01).
   The button at the right of the Site Name enables you to display the Site subnets.
4. Select the Auto option of the Local AS parameter. The related field is automatically populated with a number selected by the Orchestrator from the AS Number Range you have specified in the Overlay Routing panel of the Advanced Configuration window.
   This parameter is used in the B01 WAN for tunnel mapping between this Site and the other Sites it will be connected to (Data Center and B02).
5. Through the Role field, define the ip|engine as a Spoke since it identifies a Branch Office ip|engine (generates tunnel requests). Tunnels are always built from the spokes to the hub.
6. Since NATted DTI traffic is enabled on the WAN1 interface, select the Syslog Server you defined in "Advanced Configuration" to enable log export.
7. WAN Optimization is activated by default on this ip|engine if the matching license is available.
Configuring the LAN
As a second step, configure the B01 ip|engine LAN, which includes one physical interface. Refer to the "Use Case 2" diagram, where the LAN information is displayed in blue.
1. Click the Interfaces tab.
2. Enter the ip|engine Management IP address (11.1.1.2), Prefix Length (24).
   The Management IP address is used for communicating with other ip|engines, the ZTP Server and the Orchestrator.
3. Use the default Auto Generated option (creation window only) to let the system allocate LAN addresses automatically to the Routers (Router X IP = Management IP + X) linked to the WANs in Router mode that you will configure for this ip|engine. Also refer to "IP Address allocation".
   In this example, Router 1 IP address will be automatically defined as it corresponds to WAN1.
4. Enable the DHCP Relay function and enter the DHCP Server Address (11.1.4.250). DHCP requests from the B01 ip|engine are propagated to the DHCP Server in the Data Center LAN.
5. Do not enter any VLAN ID. Note that the grey values appearing in some fields of the interface are only given as examples and are not taken into account in the configuration.
6. Since there is no router in the B01 LAN for exchanging routing tables, there is no additional subnet or sub-interface to define for configuring BGP peering (refer to "Configuring BGP") or OSPF adjacencies (refer to "Configuring OSPF").
   Note: High Availability VRRP is enabled because B01 is used for "Use Case 6" configuration.
7. Leave the Speed parameter set to Auto to let the system define the speed of the interface, or force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.
The following window displays the validated settings.
Configuring the WAN
As a third step, configure the WAN linked to the B01 ip|engine: Internet. Refer to the "Use Case 2" diagram, where WAN1 (Internet) details are displayed in orange.
1. Activate the WAN through the icon. You may now enter field data.
2. Select the Router option for this L3 interface.
3. With the DHCP parameter activated by default, the interface IP Address, Prefix Length and Default Gateway are dynamically allocated (by the DHCP server of the Internet Access router) to the interface, since this WAN interface is connected to the Internet.
4. As you already defined the 'Internet' type of Transport Network for the Data Center WAN, select it from the stack.
   When configuring a WAN for the first time, type the name of the network you are connected to, 'Internet' in the current example. Clearly identify each name through customization. Once a Transport Network type has been defined, you can select it from the stack when configuring subsequent WANs.
5. This interface is automatically eligible for DTI (Inherited ON) because you globally activated this policy for the 'Internet' Transport Network (refer to Advanced Configuration -> Transport Network Settings). You may also manage DTI individually for this Internet L3 interface by checking the ON or OFF options.
6. Directly derived from the activated Eligible DTI option, keep the Enable NAT mode activated. This is a source-NAT where the Management IP address (11.1.1.2) is replaced with the 192.168.1.2 WAN1 IP address. This NAT only applies to the traffic sent over the Internet. The traffic to the Data Center and to other Sites is transferred through the IPsec tunnels.
   If you deactivate the Enable NAT mode, which controls the firewall, incoming connections from the WAN are allowed to go to the LAN.
7. The Preference parameter is not available for a Spoke ip|engine.
8. In the Access Bandwidth fields, define the up and down throughput (in kilobits per second) allocated to the WAN: 5000.
9. Enter the MTU value, which corresponds to the maximum number of bytes loaded in the Payload. The default value is 1500.
10. Leave the Speed parameter set to Auto to let the system define the speed of the interface, or force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.
11. The Internal Tunnels stack of values contains the WAN interfaces of the remote spoke sites which are connected to the same network as the B01 WAN1 interface. These interfaces are automatically detected by the Orchestrator. In "Use Case 2", the system offers 'B02-WAN1', which you can add as an additional connection to create a tunnel between B01 and B02.
    Note: The External Gateways and Local Port Forwarding configuration panels are not used for this interface.
12. Validate your input by hitting the Create button. The Overlay IP address is generated by the system as soon as the tunnel is created.
    If the ip|engine already exists and you modify any data, click the Update button.
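The following Python audit is an added example, not part of the original documentation or of the Orchestrator's own tooling. It checks the settings chosen in this procedure: the Auto Generated rule (Router X IP = Management IP + X), the Enable NAT firewall behaviour on a DTI interface, and the Syslog Server selection for NATted DTI traffic. The dictionary layout, key names and the syslog server name are assumptions made for illustration; the Orchestrator's export format is not shown on this page.

```python
import ipaddress

# Constructed representation of the B01 settings from this page.
# The key names are hypothetical, not an Orchestrator export format.
B01 = {
    "name": "B01",
    "role": "spoke",
    "management_ip": "11.1.1.2",
    "prefix_length": 24,
    "syslog_server": "syslog-dc",  # constructed placeholder name
    "wans": [
        {"index": 1, "name": "WAN1", "transport": "Internet",
         "dti": True, "nat": True, "mtu": 1500},
    ],
}


def router_ip(site, wan_index):
    """Auto Generated rule: Router X IP = Management IP + X, kept inside the LAN."""
    lan = ipaddress.ip_interface(f"{site['management_ip']}/{site['prefix_length']}")
    candidate = lan.ip + wan_index
    usable = candidate in lan.network and candidate not in (
        lan.network.network_address, lan.network.broadcast_address)
    if not usable:
        raise ValueError(f"Router {wan_index} IP {candidate} is not a usable host in {lan.network}")
    return str(candidate)


def audit(site):
    """Return findings for settings that weaken the posture described on the page."""
    findings = []
    for wan in site["wans"]:
        if wan["dti"] and not wan["nat"]:
            # Enable NAT controls the firewall: without it, inbound WAN
            # connections are allowed to reach the LAN.
            findings.append(f"{wan['name']}: DTI on with NAT off, inbound WAN->LAN allowed")
        if wan["dti"] and wan["nat"] and not site.get("syslog_server"):
            findings.append(f"{wan['name']}: NATted DTI traffic without a Syslog Server")
        try:
            router_ip(site, wan["index"])
        except ValueError as exc:
            findings.append(str(exc))
    return findings


if __name__ == "__main__":
    print("Router 1 IP:", router_ip(B01, 1))
    print("Findings:", audit(B01) or "none")
```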
Also see how to configure:
a multi-ip|engine Branch Office Site
traffic redirection to an external gateway
traffic redirection to a web security gateway
traffic redirection to EdgeSentry
a multi-ip|engine Data Center