Add an On-Premise Spoke Site with Hybrid WAN Capability
You add an on-premise spoke site with Hybrid WAN capability from the Sites page. The Hybrid WAN sites can have a maximum of two WAN links (one of the links functions as a backup) and run network services from the CPE device.
The following image illustrates a simple Hybrid WAN topology.
Before you add an on-premise spoke site with Hybrid WAN capability:
Complete the connections as shown in the topology diagram and power up the devices.
This task assumes that the firewall device will get DHCP IP address and will have Internet connectivity along with DNS resolution when connected according to the network design.
For more information about connecting the cables and connecting a console to the device, see the documentation for the CPE device. Links to the hardware documentation for the supported models are provided in Table 1.
Ensure that ESP protocol traffic is allowed on the network.
Ensure that the ports listed in Table 1 are open.
Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions for a release, see the Release Notes for that release.
Table 1: Ports for Hybrid WAN
CPE WAN Link Ports
SRX 4x000 devices
SRX 3xx devices, SRX 550M and vSRX devices
To add a hybrid WAN site:
- From the Add list of the Sites page,
click On-Premise Spoke Site.
The Add Site wizard appears.
- Complete the configuration settings in the General and WAN sections according to the guidelines provided in Table 2.
- Review the configuration and modify the settings, if needed, from the Summary tab.
- Click Next to review the settings and then,
click OK to add the site.
When the site is successfully created, the Site Status in the Sites page changes to Provisioned.
Table 2: Fields on the Add OSpoke Site Page
Enter a site name. You can use any number of alphanumeric characters, including special characters. The maximum length is 10 characters.
Select Hybrid WAN to include Hybrid WAN capability in the on-premise spoke site.
Select the device series to which the CPE belongs—SRX, NFX150, or NFX250.
Select a device template for the selected device series.
The device template contains information for configuring a device.
Enter the serial number of the CPE device.
If the selected device template supports ZTP, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added.
The Activation Code field appears if the selected device template does not support ZTP or if you disable the Auto Activate option.
In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.
CPE AS Number
Specify the autonomous system(AS) number.
Specify the router name.
Router AS Number
Specify the AS number for the router.
OAM Traffic Information
Select this option to set up an OAM link with CSO.
Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network.
If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider.
One of the two links functions as a backup link.
Select whether the link would be an MPLS link or Internet link.
Specify the identifier for the Layer 2 VLAN for the CPE device.
Specify the name of the virtual routing and forwarding (VRF) instance.
IPsec Concentrator Name
Specify the name of the IPsec concentrator device.
Internet Gateway IP
If you specified that the device is an IPsec concentrator, then specify the IPv4 address of the Internet gateway.
Refer to the fields described for WAN_0 for an explanation of the fields.