Configuring the WAN(s)

As a third step, configure the three WANs linked to the B02 appliance: 2 MPLS and 1 Internet.

Warning: To configure a hybrid appliance, always start configuring the first WAN(s) in bridge mode (because of the Bypass function which is activated by default).

Refer to "Use Case 1" diagram where WAN1 (MPLS) details are displayed in green.

Activate the WAN through the

icon. You may now enter field data.

Select the Bridge option for this L2 interface.

Enter the CE router IP Address, 10.1.2.254. It must correspond to the LAN Interface IP Address.

As you already defined the 'MPLS' type of Transport Network for the Data Center WAN2, select it from the stack.

In the Access Bandwidth fields, define the up and down throughput (in kilobits per second) allocated to the WAN: 5000.

Select from the Coloring stack of values any Coloring Policy you previously configured through the Applications -> Configuration -> System Provisioning -> Coloring function (in this example, the default Coloring Policy for the DiffServ service). Refer to "Configuring Coloring".

The Bypass option is activated by default, i.e. the system will bypass the traffic in case of failure (e.g. power failure). When bypass is executed, services such as Visibility, Control, Optimization etc. are of course disabled.

Leave the Speed parameter to Auto to let the system define the speed of the interface, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.

Refer to "Use Case 1" diagram where WAN2 (MPLS) details are displayed in green.

Activate the WAN through the

icon. You may now enter field data.

Select the Bridge option for this L2 interface.

Enter the CE router IP Address, 10.1.2.253. It must correspond to the LAN Interface IP Address.

Select the 'MPLS' type of Transport Network.

In the Access Bandwidth fields, define the up and down throughput (in kilobits per second) allocated to the WAN: 5000.

Leave the Speed parameter to Auto to let the system define the speed of the interface, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.

Note: Since both WAN1 and WAN2 are configured with MPLS as Transport Network and because DWS is used, MPLS traffic will be sent to the best of these two WANs.

Refer to "Use Case 1" diagram where WAN3 (Internet) details are displayed in orange.

Activate the WAN through the

icon. You may now enter field data.

Select the Router option for this L3 interface.

Do not activate the DHCP function to proceed with Step 4.

Enter the WAN3 interface static information, 192.168.1.2 as IP Address, 24 as Prefix length. This address must be static to enable the configuration of Port Forwarding on the Internet Access router.

Enter the Default Gateway: 192.168.1.1

Define the Public IP address (120.2.2.2) which corresponds to the WAN side of the Internet Access router to which the WAN3 interface is connected. The Port Forwarding configuration of the Internet Access router enables this device to send the UDP packets to the appliance WAN3 on ports 500 (IKEv2) and 4500 (IPsec NAT Traversal). The Internet Access router also modifies the Egress packets in order to replace its 120.2.2.2 public address with the 192.168.1.2 WAN3 static address as destination address.

As you already defined the 'Internet' type of Transport Network for the Data Center and B01 WANs, select it from the stack.

When configuring a WAN for the first time, type the name of the network you are connected to, 'Internet' in the current example. Clearly identify each name through customization. Once a Transport Network type has been defined, you can select it from the stack when configuring subsequent WANs.

This interface is automatically eligible to DTI (Inherited ON) because you globally activated this policy for the 'Internet' Transport Network (refer to Advanced Configuration -> Transport Network Settings). You may also manage DTI individually for this Internet L3 interface by checking the ON or OFF options.

Directly derived from the activated Eligible DTI option, keep the Enable NAT mode activated. This is a source-NAT where the Management IP address (10.1.2.2) is replaced with the 192.168.1.2 WAN3 IP address. This NAT only applies to the traffic sent over the Internet. The traffic to the Data Center and to other Sites is transferred through the IPsec tunnels.

If you deactivate the Enable NAT mode which controls the firewall, incoming connections from the WAN are allowed to go to the LAN.

The Preference parameter is not available for a Spoke appliance.

In the Access Bandwidth fields, define the up and down throughput (in kilobits per second) allocated to the WAN: 2000.

Enter the MTU value which corresponds to the maximum number of bytes loaded in the Payload. The default value is 1500.

Leave the Speed parameter to Auto to let the system define the speed of the interface, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.

The Internal Tunnels stack of values contains the remote WAN interfaces automatically detected by the Orchestrator (DataCenter-WAN2). Since you also connected the current appliance to the B01 appliance, the additional 'B01-WAN1' remote WAN interface is automatically specified in the list of interfaces and enables you to validate the tunnel between B02 and B01. See "Configuring the WAN" for the B01 appliance.

The External Gateways panel is used to connect this WAN interface to a configured External Gateway. Refer to "Configuring traffic redirection to an External Gateway".

Define Local Port Forwarding by selecting the TCP Protocol, typing 8080 as External Port, 10.1.2.12 as the Local IP Address and 80 which is the generally used Local Port for HTTP traffic.

Validate your input by hitting the Create button. The Overlay IP address is generated by the system as soon as the tunnel is created.

If the appliance already exists and you modify any data, click the Update button.

Also see how to configure:

Data Center appliance WANs

traffic redirection to an external gateway

traffic redirection to a web security gateway

traffic redirection to a cloud gateway

traffic redirection to EdgeSentry