Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Hybrid WAN Deployment Overview


This walkthrough highlights the steps, or workflows, that you need to complete in order to deploy a Hybrid WAN solution. We use an NFX250 Series device as the CPE and an SRX Series device as the Hub which is located in the SP cloud. We indicate where, in the CSO GUI, you need to go to complete each step. The document also provides some explanation of the choices that you need to make at each step. It assumes that this is the first deployment you are attempting.

In the distributed deployment, customers access network services from a CPE device located at the customer’s site. These sites are called on-premise sites in this documentation. In the deployment workflows used in the CSO GUI, this deployment is known as Hybrid WAN. Figure 1 illustrates a simplified distributed deployment.

Figure 1: Simplified Hybrid WAN Deployment
Hybrid WAN Deployment

Initial configuration of the CPE device at the site is automated through the use of zero touch provisioning (ZTP) that is orchestrated through CSO. CSO also monitors the CPE device and its services, and can push software and configuration updates to the devices remotely, reducing operating expenses.

This deployment model is useful in environments where service delivery from the service provider’s cloud is costly. In fact, CSO has been designed to require only modest bandwidth, needing as little as 30kbps for probe and OAM traffic over Hybrid WAN connections where there are only a few sessions active. When AppQoe is involved, the bandwidth requirement increases to somewhere between 105kbps and 2Mbps, depending on the number of sessions.

During ZTP operations, if new device images are needed, they can be downloaded as part of the ZTP process, or pre-staged on the device. In those circumstances, the bandwidth requirement increases to a maximum of 5Mbps only when device image download is needed. This makes these solutions applicable even in cases where connection bandwidth is limited or noisy.

The distributed CPE deployment uses a CPE device such as an NFX Series Network Services platform or SRX Series Services Gateway at the customer site and thus supports private hosting of network services at a site. The distributed deployment can be extended to offer software defined wide area networking (SD-WAN) capabilities.


If an SRX Series device is used as the CPE device at the customer site, it can not host VNFs. It can still offer all of the built-in services inherent in an SRX Series device.

In the Hybrid WAN deployment model, there is typically only one path from the on-premise site back to headquarters or the service provider cloud. The following sections describe the high-level architecture of a Hybrid WAN deployment and provide a walkthrough of how to set up CSO for Hybrid WAN.