Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Help Center
 
Help CenterCustomer Portal Getting Started
Print

Customer Portal Getting Started

Ready. Set. Let’s go!

Use the following high-level steps to set up your sites and manage policies with Customer Portal. Click the Online Help (?) links for additional information, or refer to the Customer Portal Help Center.

Add an On-Premise Site

This task describes how to add an on-premise site. You can add two types of on-premise sites—on-premise spoke and on-premise hub.

Procedure

To add an on-premise site:

  1. Click Sites > Site Management.

    The Sites page appears.

  2. Click Add > On-Premise Spoke/ On-Premise Hub.

    The Add Site for Tenant-Name page appears.

  3. Specify the configuration for the on-premise site until you reach the configuration summary.
  4. Click OK.

    The status of the add operation is displayed.

Add a Cloud Spoke Site

This task describes how to add a cloud spoke site.

Procedure

To add a cloud spoke site:

  1. Select Sites > Site Management > Add > Cloud Spoke.
  2. Specify the site information such as, site name, AWS region, VPC ID, management subnet, IP prefix and click Next.
  3. Specify vSRX_AWS_SDWAN_Endpoint_option_1 as the connection plan.

    Note 

    • Only Hub-Spoke topology is supported for AWS cloud spoke site.

    • Only Internet link is supported for WAN underlay connections.

  4. Provide the WAN details and click Next.

    The WAN traffic page appears, displaying a set of values for the WAN link configuration.

  5. Specify additional requirements and click Next.
  6. Specify LAN segment information and click Next.
  7. In the Summary tab, check the configuration and click Edit to modify the settings.
  8. Click OK to save the changes.

    The new cloud spoke site that you created appears in the Sites page.

Switch on the CPE Device (On-Premise Sites)

Switch on the new CPE device and then enter the activation code. You can enter the activation code either from the Customer Portal or on the device.

Activate a CPE Device (Cloud Spoke Sites)

Procedure

To activate the device:

  1. Click Resources > Devices.
  2. Select the device and click Activate Device.

    The Activate Device page appears.

  3. Enter the activation code that is supplied by the service provider.
  4. Click Download to download the cloud formation template in JSON format.

    The template file is download to your system. The cloud formation template contains the stage-1 configuration. Upload the cloud formation template to AWS server to provision vSRX. The cloud formation template will create the required resources such as subnet, interface, vSRX and so on and apply the stage-1 configuration.

  5. Log in to AWS account.

    • If you have already logged in to your AWS account, the Create Stack page appears.

    • If you are not logged into your AWS account, a new web page opens in your browser, displaying the AWS login information. Login to your AWS account.

      Tip If you do not see the Create Stack page when you login or access your AWS account, then search for CloudFormation service.

      The Create Stack page appears.

  6. Select CloudFormation > Stacks > Create Stack > Upload a template to Amazon S3.
  7. Click Choose File and select the cloud formation template in JSON format.
  8. Click Next.
  9. Specify the Stack name and the KeyName.
  10. In the Parameters section, specify the KeyName for your EC2 instance.
  11. Click Next.
  12. Click I acknowledge that AWS CloudFormation might create IAM Resources.
  13. Click Create.

    The Create Stack pages displays a list of existing stacks and indicates that it is creating the stack that you requested. The create stack process takes up to 30 minutes. If the process does not complete in 30 minutes, a timeout occurs and you must retry the process.

  14. After the create stack process is complete, return to the Customer Portal and click Next.

    The Activate Device page is visible and you see that CSO is detecting the provisioning agent. This process takes up to 30 minutes. If the process does not complete in 30 minutes, a timeout occurs and you need to retry the process.

    Note You need not download the cloud formation template again. You can log in to the Customer Portal, access the Activate Device page, enter the activation code and click Next. After the CREATE_COMPLETE message is displayed on the AWS server, click Next on the Activate Device page to proceed with device activation.

    If the spoke on AWS has been spawned successfully, it will contact CSO through outbound SSH connection. The device is detected and normal ZTP process is triggered. The rest of the workflow is consistent with the normal on-premise workflow.

  15. After the activation process is complete, click OK.

    The Sites page appears. To see the device activation status, hover over the device icon on the Sites page.

Deploy and Start Network Services

Procedure

To deploy network services:

  1. Click Sites > Site Management.

    The Sites page appears.

  2. Click the name of the site for which you want to deploy network services.

    The Site-Name page appears.

  3. In the Services tab, click View Services.

    The Deploy Network Services pane appears on the right side of the page.

  4. Select a service and an attachment point. Alternatively, drag and drop a service on to an attachment point.

    The Deploy Network Service: Site-Name page appears.

  5. Specify the parameters for the service that you want to deploy.
  6. Click Deploy to deploy the service.

    The status of the deploy operation is displayed.

  7. Select the deployed service and click Start Service.

    The status of the service is displayed.

View and Manage Policies

The following tasks describe how to view and manage policies.

View and Manage a Firewall Policy

Procedure

To view and manage a firewall policy:

  1. Prepare the endpoints that you want to use in the firewall policy:

    • Source endpoints can be IP addresses, IP address groups, sites, site groups, or departments

    • Destination endpoints can be IP addresses, IP address groups, sites, site groups, departments, Layer 7 (L7) applications, or services.

  2. Add one or more firewall intents (by using the available endpoints):

    Procedure

    1. Click Configuration > Firewall > Firewall Policy.

      The Firewall Policy page is displayed.

    2. Click the add (+) icon.
    3. Specify the parameters for the firewall intent.
    4. Click Save.

      The status of the save operation is displayed.

  3. Deploy the firewall policy:

    Procedure

    1. Click Configuration > Firewall > Firewall Policy.

      The Firewall Policy page is displayed.

    2. Click Deploy to deploy the firewall policy.

      The Deploy page is displayed.

    3. Specify whether you want to deploy the policy immediately or schedule the deployment for later.
    4. Click Deploy.

      The status of the deployment operation is displayed.

      The Deployments page (Configuration > Deployments) displays the information about all deployments.

View and Manage an SD-WAN Policy

Procedure

To view and manage an SD-WAN policy:

  1. Prepare the endpoints that you want to use in the SD-WAN policy:

    • Source endpoints can be sites, site groups, or departments

    • Destination endpoints can be applications or application groups

  2. Create an application traffic type profile:

    Note You can also use predefined traffic type profiles.

    Procedure

    1. Click Configuration > SD-WAN > Application Traffic Type Profiles.

      The Application Traffic Type Profiles page appears.

    2. Click the add (+) icon.

      The Create Traffic Type Profile page appears.

    3. Specify the parameters for the traffic type profile.
    4. Click OK.

      The status of the create operation is displayed.

  3. Create an application service-level agreement (SLA) profile and associate it with the traffic type profile:

    Procedure

    1. Click Configuration > SD-WAN > Application SLA Profiles.

      The Application SLA Profiles page appears.

    2. Click the add (+) icon.

      The Create SLA Profile page appears.

    3. Specify the parameters for the application SLA profile.
    4. Click OK.

      The status of the create operation is displayed.

  4. Create an SD-WAN policy(by using the available endpoints) and associate it with the SLA profile:

    Procedure

    1. Click Configuration > SD-WAN > SD-WAN Policy.

      The SD-WAN Policy page appears.

    2. Click the add (+) icon.
    3. Specify the parameters for the SD-WAN policy.
    4. Click Save.

      The status of the save operation is displayed.

  5. Deploy the SD-WAN policy:

    Procedure

    1. Click Configuration > SD-WAN > SD-WAN Policy.

      The SD-WAN Policy page appears.

    2. Click Deploy to deploy the SD-WAN policy.

      The Deploy page is displayed.

    3. Specify whether you want to deploy the policy immediately or schedule the deployment for later.
    4. Click Deploy.

      The status of the deployment operation is displayed.

      The Deployments page (Configuration > Deployments) displays the information about all deployments.

View and Manage a NAT Policy

Procedure

To view and manage a NAT policy:

  1. Prepare the endpoints that you want to use in the NAT policy:

    • Source endpoints can be IPv4/IPv6 addresses, or port numbers

    • Destination endpoints can be IPv4/IPv6 addresses, or port numbers

  2. Create a NAT policy rule:

    Procedure

    1. Select Configuration > NAT > NAT Policies.

      The NAT Policies page appears, displaying the existing NAT policies.

    2. Click the name of the NAT policy for which you want to create rules. Alternately, you can click on the number listed under Rules against a NAT policy.

      The Single NAT Policy page appears.

    3. Click Create and select either Source, Static, or Destination. The page displays fields for creating a NAT rule.
    4. Specify the parameters for NAT rules.
    5. Click OK

      The status of the create operation is displayed.

  3. Create NAT pools:

    Procedure

    1. Select Configuration > NAT > Pools.

      The NAT Pools page appears.

    2. Click the add icon (+).

      The Create NAT Pool page displays fields required for creating and configuring a NAT pool.

    3. Specify the parameters for NAT pools.
    4. Click OK.

      The status of the create operation is displayed.

  4. Deploy the NAT policy:

    Procedure

    1. Select Configuration > NAT > NAT Policies.

      The NAT Policies page appears.

    2. Click on the NAT policy that you want to deploy.

      The NAT policy rules page appears.

    3. Select one or more NAT policy rules, and click Deploy.

      Note Even though you select one or more NAT policy rules, when you click Deploy, all NAT policy rules that are associated with the NAT policy are deployed.

      The status of the deployment operation is displayed.

Related Documentation

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Related Topics

  • Creating On-Premise Spoke Sites for SD-WAN Deployment

  • Creating On-Premise Hub Sites for SD-WAN Deployment

  • Activating a CPE Device

  • Creating Cloud Spoke Sites for SD-WAN Deployment

  • Provisioning a Cloud Spoke Site in AWS VPC

  • Managing a Single Site

  • About the SD-WAN Policy Page

  • About the Firewall Policy Page

  • About the NAT Policies Page

Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2018 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit