Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Workflow for Onboarding a Device Using ZTP


Zero Touch Provisioning (ZTP) enables you to configure and provision devices automatically, minimizing the manual intervention required for adding devices to a network.

This topic provides a sequential list of tasks that you need to perform for successfully onboarding a device to the network by using ZTP:

  1. From Customer Portal, add an on-premise spoke site or an enterprise site, and associate a device.

    For more information on adding an on-premise spoke site with the following capabilities:

    For more information on adding an enterprise hub, see Adding Enterprise Hubs with SD-WAN Capability or SD-WAN and LAN Capabilities.

  2. Activate the device:
    • If you have enabled the Auto Activate field while adding an on-premise site or an enterprise hub, ZTP of the device is automatically triggered after the site is added to CSO.

    • If you have disabled the Auto Activate field while adding an on-premise site or an enterprise hub, you must manually activate the device.

      To manually activate the device:

      1. Select Resources > Site Management.

        The Sites-Name page appears.

      2. On the Sites page, click the site that you want to activate.

        The detailed view of the site appears.


        You can activate a site that is in the CONFIGURED state.

      3. Click the Devices tab.
      4. Select the device that you added to the site and click Activate Device to activate the device.

        The Activate Device page appears.

      5. On the Activate Device page, enter the activation code for the device. The activation code must match the activation code that you provided during the site addition workflow.
      6. Click Next.

        The progress of device activation is displayed.

      7. After the device is activated, click OK.

        The Sites page appears.

    • If you have to activate a vSRX or SRX4X00 Services Gateway devices:

      1. Select Resources > Site Management.

        The Sites page appears.

      2. Click on the site that you want to activate.

        The Site-Name page appears.

      3. On the Devices tab, select the device that you want to activate and click Stage1 Config.

        A new page appears displaying the stage-1 configuration of the device.

      4. Click Copy to Clipboard to copy the stage-1 configuration of the device.

      5. Log in to the CLI of the device and enter the configuration mode.

      6. Paste the stage-1 configuration and commit.

    The Phone-Home client or the Redirect Server authenticates the device and establishes a communication between the device and CSO.

    After the device activation is complete, CSO applies the stage-1 configuration. The status of the device is changed from Expected to Active, which indicates the device is authenticated but not yet operational.

  3. After authenticating the device, CSO automatically triggers a job to push the provisioning and stage-2 (optional) configurations.

    You can use the Activation Logs page (Resources > Tenant Devices > More >Activation Logs) to view bootstrap logs (stage-1 configuration and device activation) and ZTP logs (provisioning and stage-2 configurations) and their status.

    After the job is completed successfully:

    • The provisioning configuration and stage-2 configuration (optional) are applied.

    • The device state changes from Active to Provisioned, which indicates that the device is fully functional.

The newly-added device is provisioned and is onboarded to the network. You can apply SD-WAN and security policies, if applicable.