Configuring Appliances

1

From the main menu, select Appliances to finish the configuration of your appliances.

All your provisioned appliances are listed with their names, configuration statuses, assigned Sites, serial numbers and Mac addresses.

2

Select every appliance line and consecutively edit the configuration of all the appliances by entering some remaining mandatory parameters that are still undefined in the General, LAN and WAN panes. These parameters were not extracted from the applied template because they are specific to each appliance.

You can notice that most parameters cannot be changed because they belong to the template. Modifying these parameters overwrites the configuration of the template and a message informs you that the current appliance is no longer associated with any template.

General

3

Managed State: this state specifies that the appliance is managed by ExtremeCloud SD-WAN.

Warning: Changing an appliance to the unmanaged state is similar to resetting the appliance to its default configuration: SD-WAN tunnels are closed, traffic routing is stopped as well as appliance monitoring and alarming. The appliance license is no longer consumed.

4

You can change the Appliance Name.

5

If you select another template, all default parameters are updated according to the default configuration of the new appliance template.

All the other parameters are extracted from the applied template.

LAN

6

If you defined one or several VLAN(s) in the appliance template, enter the VLAN Prefix Length, Management IP address and Router 1, 2, 3 IP addresses. This information is mandatory.

7

If you activated Fabric Support, you can modify the Fabric Switch LAN and IS-IS Metric values.

Note that you can add VLAN(s) without overwriting the appliance template.

All the other parameters are extracted from the applied template. You can override them to configure the appliances in BGP, VRRP, OSPF, IHAP, etc.

•

VLAN

IP Interfaces

DHCP Service. You can select or create only one DHCP Service object for each VLAN.

Fabric Switch LAN: the Fabric Switch LAN IPv4 address is used as the Fabric extend tunnel source IP address. This value is automatically generated by the system according to the Fabric Extend IP Network global subnet you defined when you activated Fabric Support. You can modify this value.

Remote Fabric Extend Tunnel Endpoints

This set of parameters is also automatically displayed by the SD-WAN application. It specifies the Site, IP address and name of the Remote appliance. The default IS-IS Metric value is used for the Fabric-extend (FE) tunnel. Click if you want to modify this IS-IS Metric value for the local appliance as for the remote appliance.

•

Dynamic LAN Routing

iBGP protocol is used between the Core Router and the appliances of a Data Center

OSPF protocol is used between the Core Routers and the appliances of a Data Center

•

High-Availability (HA)

VRRP protocol is used between the appliances of a Branch Office

IHAP (Ipanema High Availability Protocol) is used between the hybrid or bridge appliances of a Branch Office

•

Static Route

•

Subnet

•

DHCP Server

WAN

8

Consecutively select the WAN1, WAN2 and WAN3 interfaces.

9

WAN Service: for an interface in Bridge mode, check that the value is either MPLS or a MPLS WAN Service you created. For an interface in Router mode, check that the value is either Internet or an Internet WAN Service you created.

10

For an interface in Bridge mode, enter the mandatory Access Router IP Address.

11

For an interface in Router mode, enter the data in the Optional Settings section. Refer to "Creating Appliance Templates".

IP Addresses

•

Public IP Address which corresponds to the WAN side of the Internet Access router to which the WAN interface is connected. The Port Forwarding configuration of the Internet Access router enables this device to send the UDP packets to the appliance WAN on ports 500 (IKEv2) and 4500 (IPsec NAT Traversal). The Internet Access router also modifies the Egress packets in order to replace its public address with the WAN static address as destination address.

•

If DHCP has been activated in your template, you can deactivate it in this section and enter new attributes.

12

If Fabric Support is enabled:

•

For an WAN interface in Router mode, defined as a Hub and connected to MPLS, enter the Public IP Address , the Interface IP Address which should be the same as the Public IP Address and the Prefix Length. Do not specify any Default Gateway. DHCP is disabled.

•

For a WAN interface in Router mode, defined as a Hub and connected to the Internet, leave all the fields blank if DHCP is enabled. On the contrary, specify the Interface IP Address, Prefix Length and Default Gateway if DHCP is disabled.

•

For a WAN interface in Router mode, defined as a Spoke, there is nothing to configure.

Note: A Fabric tunnel on a WAN interface in Router mode uses an IPsec tunnel whereas a Fabric tunnel on a WAN interface in Bridge mode uses a MPLS pseudo-tunnel. A Fabric tunnel on a WAN Bridge interface requires the same WAN Service on both the local appliance and the remote appliance (for the spoke to hub tunnel and the Site to Site tunnels).

13

Define and customize the network tunnels as described below.

Tunnels

Overlay (optional)

You may select an Overlay you previously created and apply it to the interface. You can also edit and customize the selected overlay from this panel. Refer to "Configuring Overlays".

•

Hub & Spoke: the selected Hub & Spoke overlay name is displayed. Click Configure Tunnel to edit this overlay and modify any parameters. Refer to "Create a Hub & Spoke Overlay". Update the new configuration.

•

External VPN Gateway: the name of the selected External VPN Gateway overlay is displayed. Click Configure Tunnel to edit this overlay and modify any parameters. Refer to "Create an External VPN Gateway Overlay". Update the new configuration.

•

Applications Anywhere: the name of the selected Cloud Gateway overlay is displayed. Click Configure Tunnel to edit this overlay and modify any parameters. Refer to "Connecting an Appliance to a Cloud Gateway". Update the new configuration.

Security Gateway (optional)

You may select a Security Gateway you previously created and apply it to the interface. You can also edit and customize the selected gateway from this panel.

•

External Secure Web Gateway: the name of the selected Secure Web Gateway is displayed. Click Configure Tunnel to edit this overlay and modify any parameters. Refer to "Configuring traffic redirection to a Secure Web Gateway".

•

If you select EdgeSentry, there is nothing to configure. The system uses the Site address associated with the appliance to define the Cloud location where the Internet traffic should be secured and automatically creates the tunnels. Refer to "EdgeSentry".

Site-to-Site Tunnels

•

Click Add Site-to-Site Tunnel to create a tunnel between two Sites. Select the parameter values from the field stacks and click Add Tunnel. Use the Configure Tunnel function if you want to modify the BGP Local Preference parameter or select another Overlay. Update the configuration.

14

When you have configured all your appliances, click Save.

15

Finally, click Deploy Configuration on the Appliances window to send your appliance configurations to the system.

16

From the main menu, select Dashboard. Your sites and associated appliances are displayed on the Google map.