Connecting a Branch Office appliance to an Azure Gateway

To connect Branch Office 2 appliance to the gateway (see "Use Case 1"), edit its WAN3 parameters by completing the External Gateways panel.

1

From the stack of Cloud Gateways names, select one Azure gateway.

There are two types of Azure managed gateways:

•

vnet: a vnet gateway is a resource associated with a Vnet (Virtual Network) that provides connectivity to this Vnet (through site-to-site VPN or ExpressRoute)

•

vWAN VPN: a Virtual WAN VPN gateway is a resource associated with a Virtual Hub in a Virtual WAN; Vnets in the same region are connected to the same Virtual Hub which provides:

- connectivity between remote sites and these Vnets (through site-to-site VPN or ExpressRoute),

- routing between these Vnets,

- routing with Vnets that are connected to other Virtual Hubs (possibly in other regions) of the same Virtual WAN

An Azure Cloud gateway name includes:

•

the Cloud access type, AZURE in this case

•

the Cloud access name

•

the name of the Azure location where it is deployed

•

the vnet gateway name or the virtual WAN name + virtual Hub name

•

its SKU for a vnet gateway or the bandwidth of the virtual Hub VPN gateway

 

The SD-WAN Orchestrator retrieves the AS number of the Cloud gateway and displays it beside the gateway name. The AS number of the Cloud gateway:

•

must not be included in the AS number range (see Advanced Configuration > Overlay routing)

•

or must be defined as an exclusion

•

and should be different from any other appliance ASN in the domain

2

Since PSK is the only authentication type currently supported, the SD-WAN Orchestrator automatically generates a pre-shared key. This authentication type requires a WAN interface public IP address to be specified.

3

When there are several Cloud gateways, you can enter Preference values to define the priority of tunnels to route the traffic. The highest Preference value implies priority. The default value is 100.

For Virtual Hub VPN Gateways (vWAN - vHub) only

The SD-WAN Orchestrator retrieves and displays the VPN acceleration setting (not editable) that is configured on the Virtual Hub VPN Gateway. VPN acceleration 'enabled' corresponds to routing via "Microsoft global network" whereas VPN acceleration 'disabled' corresponds to routing over public Internet (refer to routing preference).

4

You can define the Associated Route Table and Propagated Route Tables. Virtual Hub route tables are objects that enable network segmentation, i.e. they define whether attachments can communicate with one another.

•

Associated Route Table: select the route table for association, either the Default one or any other route table.

•

Propagated Route Tables: select one or more route table(s) for propagation, or the None option.

For all the Gateways

5

Update your settings. Either one or two connections are defined - there are two connections with a virtual hub - and the matching tunnels are set up on the appliance.

Note: You can edit or delete a Cloud connection at any time.