Add an On-Premise Spoke Site with Hybrid WAN Capability
You add an on-premise spoke site with Hybrid WAN capability from the Sites page. Hybrid WAN sites can have a maximum of two WAN links (one of the links functions as a backup) and run network services from the CPE device.
The following image illustrates a simple Hybrid WAN topology.

Before you add an on-premise spoke site with Hybrid WAN capability:
- Complete the connections as shown in the topology diagram and power up the devices.
  Note: This task assumes that the firewall device obtains an IP address through DHCP and has Internet connectivity and DNS resolution when connected according to the network design.
  For more information about connecting the cables and connecting a console to the device, see the documentation for the CPE device. Links to the hardware documentation for the supported models are provided in Table 1.
- Ensure that ESP protocol traffic is allowed on the network.
- Ensure that the ports listed in Table 1 are open.

Note: Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions, see the Release Notes for that release.
Table 1: Ports for Hybrid WAN
Device Model | NAT/Firewall Ports | CPE WAN Link Ports | Hardware Documentation |
---|---|---|---|
SRX 4x000 devices | 443, 500, 4500 | xe-0/0/0, xe-0/0/1, xe-0/0/2, xe-0/0/3 | SRX4100, SRX4200 |
SRX 3xx devices, SRX 550M and vSRX devices | 443, 500, 4500 | ge-0/0/0, ge-0/0/1 | SRX340, SRX345, SRX550M |
NFX 250 | 443, 500, 4500, 7804 | ge-0/0/8 | NFX250 |
NFX 150 | 443, 500, 4500 | heth4 and LTE | NFX150 |
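The following added example (not part of the original documentation or of CSO) audits an upstream NAT/firewall policy against the prerequisites above: the ports listed in Table 1 plus ESP. The rule syntax, the sample policy, and the TCP/UDP assignment of each port are assumptions made for illustration; the page lists only port numbers.

```python
# Added example: audit an upstream NAT/firewall policy against the Hybrid WAN prerequisites.
# Port numbers come from Table 1 on this page. Assumptions: TCP for 443 and 7804,
# UDP for 500 and 4500, and the simplified first-match rule syntax parsed below.

REQUIRED_PORTS = {
    "SRX 4x000": [443, 500, 4500],
    "SRX 3xx/550M/vSRX": [443, 500, 4500],
    "NFX 250": [443, 500, 4500, 7804],
    "NFX 150": [443, 500, 4500],
}
TRANSPORT = {443: "tcp", 500: "udp", 4500: "udp", 7804: "tcp"}  # assumption

# Constructed sample policy: the listed UDP ports are open, but ESP was forgotten.
SAMPLE_POLICY = """\
permit tcp 443
permit udp 500
permit udp 4500
deny any
"""

def parse_policy(text):
    """Parse '<permit|deny> <tcp|udp|esp|any> [port|lo-hi]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        action, proto, *rest = line.split()
        ports = None
        if rest:
            lo, _, hi = rest[0].partition("-")
            ports = (int(lo), int(hi or lo))
        rules.append((action, proto, ports))
    return rules

def allowed(rules, proto, port=None):
    """First matching rule wins; no match means implicit deny."""
    for action, r_proto, ports in rules:
        proto_ok = r_proto in ("any", proto)
        port_ok = ports is None or (port is not None and ports[0] <= port <= ports[1])
        if proto_ok and port_ok:
            return action == "permit"
    return False

def audit(model, policy_text):
    """Return the required flows for `model` that the policy blocks."""
    rules = parse_policy(policy_text)
    flows = [(TRANSPORT[p], p) for p in REQUIRED_PORTS[model]] + [("esp", None)]
    return [f"{pr}/{po}" if po else pr for pr, po in flows if not allowed(rules, pr, po)]

if __name__ == "__main__":
    for model in REQUIRED_PORTS:
        print(model, "blocked:", audit(model, SAMPLE_POLICY) or "none")
```

ESP is an IP protocol rather than a port, so a policy written only in terms of port numbers blocks it by default, which is why the sample policy fails the audit for every device model.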
To add a hybrid WAN site:
- From the Add list of the Sites page, click On-Premise Spoke Site.
The Add Site wizard appears.
- Complete the configuration settings in the General and WAN sections according to the guidelines provided in Table 2.
- Review the configuration and modify the settings, if needed, from the Summary tab.
- Click Next to review the settings, and then click OK to add the site.
When the site is successfully created, the Site Status on the Sites page changes to Provisioned.
Table 2: Fields on the Add OSpoke Site Page
Field | Description |
---|---|
General | |
Site Information | |
Site Name | Enter a site name of up to 10 characters. You can use alphanumeric characters, including special characters. |
Site Capabilities | |
WAN Capabilities | Select Hybrid WAN to include Hybrid WAN capability in the on-premise spoke site. |
Device Profile | |
Device Series | Select the device series to which the CPE belongs—SRX, NFX150, or NFX250. |
Device Template | Select a device template for the selected device series. The device template contains information for configuring a device. |
Device Information | |
Serial Number | Enter the serial number of the CPE device. |
Auto Activate | If the selected device template supports ZTP, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added. The Activation Code field appears if the selected device template does not support ZTP or if you disable the Auto Activate option. In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device. |
CPE Info | |
CPE AS Number | Specify the autonomous system (AS) number. |
Access Info | |
Router Name | Specify the router name. |
Router AS Number | Specify the AS number for the router. |
Management Connectivity | |
OAM Traffic Information | Select this option to set up an OAM link with CSO. |
IP Prefix | Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network. |
Gateway IP | If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider. |
WAN Links | One of the two links functions as a backup link. |
WAN_0 | |
Link Type | Select whether the link is an MPLS link or an Internet link. |
VLAN ID | Specify the identifier for the Layer 2 VLAN for the CPE device. |
VRF Name | Specify the name of the virtual routing and forwarding (VRF) instance. |
IPsec Concentrator Name | Specify the name of the IPsec concentrator device. |
Internet Gateway IP | If you specified that the device is an IPsec concentrator, then specify the IPv4 address of the Internet gateway. |
WAN_1 | Refer to the fields described for WAN_0 for an explanation of the fields. |