Add an On-Premise Spoke Site with Hybrid WAN Capability

You add an on-premise spoke site with Hybrid WAN capability from the Sites page. The Hybrid WAN sites can have a maximum of two WAN links (one of the links functions as a backup) and run network services from the CPE device.

The following image illustrates a simple Hybrid WAN topology.

Before you add an on-premise spoke site with Hybrid WAN capability:

Complete the connections as shown in the topology diagram and power up the devices.
Note
This task assumes that the firewall device will get DHCP IP address and will have Internet connectivity along with DNS resolution when connected according to the network design.
For more information about connecting the cables and connecting a console to the device, see the documentation for the CPE device. Links to the hardware documentation for the supported models are provided in Table 1.
Ensure that ESP protocol traffic is allowed on the network.

Ensure that the ports listed in Table 1 are open.

Note

Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions, see the Release Notes for that release.

Table 1: Ports for Hybrid WAN

Device Model	NAT/Firewall Ports	CPE WAN Link Ports
SRX 4x000 devices	443 500 4500	`xe-0/0/0` `xe-0/0/1` `xe-0/0/2` `xe-0/0/3`	SRX4100 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx4100-chassis.html SRX4200 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx4200-chassis.html
SRX 3xx devices, SRX 550M and vSRX devices	443 500 4500	`ge-0/0/0` `ge-0/0/1`	SRX340 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx340-chassis.html SRX345 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx345-chassis.html SRX550M https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/srx550-hm-chassis.html
NFX 250	443 500 4500 7804	`ge-0/0/8`	NFX250 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/nfx250-chassis.html
NFX 150	443 500 4500	`heth4` and LTE	NFX150 https://www.juniper.net/documentation/en_US/release-independent/junos/topics/reference/specifications/chassis-nfx150-physical.html

To add a hybrid WAN site:

From the Add list of the Sites page, click On-Premise Spoke Site.
The Add Site wizard appears.
Complete the configuration settings in the General and WAN sections according to the guidelines provided in Table 2.
Review the configuration and modify the settings, if needed, from the Summary tab.
Click Next to review the settings and then, click OK to add the site.
When the site is successfully created, the Site Status in the Sites page changes to Provisioned.

Table 2: Fields on the Add OSpoke Site Page

Field	Description
General
Site Information
Site Name	Enter a site name. You can use any number of alphanumeric characters, including special characters. The maximum length is 10 characters.
Site Capabilities
WAN Capabilities	Select Hybrid WAN to include Hybrid WAN capability in the on-premise spoke site.
Device Profile
Device Series	Select the device series to which the CPE belongs—SRX, NFX150, or NFX250.
Device Template	Select a device template for the selected device series. The device template contains information for configuring a device.
Device Information
Serial Number	Enter the serial number of the CPE device.
Auto Activate	If the selected device template supports ZTP, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added. The Activation Code field appears if the selected device template does not support ZTP or if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.

CPE Info
CPE AS Number	Specify the autonomous system(AS) number.
Access Info
Router Name	Specify the router name.
Router AS Number	Specify the AS number for the router.
Management Connectivity
OAM Traffic Information	Select this option to set up an OAM link with CSO.
IP Prefix	Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network. For NFX150 and NFX250 devices, if the USE_SINGLE_SSH_TO_NFX parameter is disabled in the device template,enter the IP address prefix as /29 or lower based on the number of VNFs. For all other devices, enter the IP address prefix as /32.
Gateway IP	If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider.
WAN links One of the two links functions as a backup link.
WAN_0
Link Type	Select whether the link would be an MPLS link or Internet link.
VLAN ID	Specify the identifier for the Layer 2 VLAN for the CPE device.
VRF Name	Specify the name of the virtual routing and forwarding (VRF) instance.
IPsec Concentrator Name	Specify the name of the IPsec concentrator device.
Internet Gateway IP	If you specified that the device is an IPsec concentrator, then specify the IPv4 address of the Internet gateway.
WAN_1	Refer to the fields described for WAN_0 for an explanation of the fields.