Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Hybrid WAN Deployment Overview


This walkthrough highlights the steps you need to complete to deploy a Hybrid WAN solution. We’ll use an NFX250 device as the CPE and an SRX Series device as the hub located in the SP cloud. We’ll show you in the CSO GUI where, you need to go to complete each step. The document also provides some explanation of the choices you need to make at each step. It assumes that this is your first Hybrid WAN deployment.

In the Hybrid WAN deployment (also known as distributed), customers access network services from a CPE device located at the customer’s site. These customer sites are called on-premises sites. Figure 1 shows a simplified Hybrid WAN deployment.

Figure 1: Simplified Hybrid WAN Deployment
Hybrid WAN Deployment

Initial configuration of the CPE device at the site is automated through the use of zero touch provisioning (ZTP) that is orchestrated through CSO. CSO also monitors the CPE device and its services, and can push software and configuration updates to the devices remotely, reducing operating expenses.

This deployment model is useful in environments where service delivery from the service provider’s cloud is costly. In fact, CSO has been designed to require only modest bandwidth, needing as little as 30 kbps for probe and OAM traffic over Hybrid WAN connections where there are only a few sessions active. When AppQoE is involved, the bandwidth requirement increases to somewhere between 105 kbps and 2 Mbps, depending on the number of sessions.

During ZTP operations, if new device images are needed, they can be downloaded as part of the ZTP process, or pre-staged on the device. In those circumstances, the bandwidth requirement increases to a maximum of 5 Mbps only when device image download is needed. This makes these solutions applicable even in cases where connection bandwidth is limited or noisy.

The Hybrid WAN deployment uses a CPE device such as an NFX Series Network Services platform or SRX Series Services Gateway at the customer site and thus supports private hosting of network services at a site. The Hybrid WAN deployment can be extended to offer software defined wide area networking (SD-WAN) capabilities.


If an SRX Series device is used as the CPE device at the customer site, it can not host VNFs. It can still offer all of the built-in services inherent in an SRX Series device.

In the Hybrid WAN deployment model, there is typically only one path from the on-premises site back to headquarters or the service provider cloud. The following sections describe the high-level architecture of a Hybrid WAN deployment and provide a walkthrough of how to set up CSO for Hybrid WAN.