Workflow for Onboarding a Device Using ZTP

Procedure

1. From Customer Portal, add an on-premise spoke site or an enterprise site, and associate a device.

   For more information on adding an on-premise spoke site with the following capabilities:

   • WAN capability as SD-WAN, see Add an On-Premise Spoke Site with SD-WAN Capability.

   • WAN capability as Next Gen Firewall, see Adding a Standalone Next Generation Firewall Site.

   • WAN capability as SD-WAN and LAN capability, see Add an On-Premise Spoke Site with SD-WAN and LAN Capabilities.

   • WAN capability as Next Gen Firewall and LAN capability, see Add an On-Premise Spoke Site with Next Generation Firewall and LAN Capabilities.

   • Only LAN capability, see Add an On-Premise Spoke Site with LAN Capability.

   For more information on adding an enterprise hub, see Add Enterprise Hubs with SD-WAN Capability or SD-WAN and LAN Capabilities.

2. Activate the device:

   • If you have enabled the Auto Activate field while adding an on-premise site or an enterprise hub, ZTP of the device is automatically triggered after the site is added to CSO.

   • If you have disabled the Auto Activate field while adding an on-premise site or an enterprise hub, you must manually activate the device.

     To manually activate the device:

     Procedure

     1. Select Resources > Site Management.

        The Sites-Name page appears.

     2. On the Sites page, click the site that you want to activate.

        The detailed view of the site appears.

        Note You can activate a site that is in the CONFIGURED state.

     3. Click the Devices tab.
     4. Select the device that you added to the site and click Activate Device to activate the device.

        The Activate Device page appears.

     5. On the Activate Device page, enter the activation code for the device. The activation code must match the activation code that you provided during the site addition workflow.
     6. Click Next.

        The progress of device activation is displayed.

     7. After the device is activated, click OK.

        The Sites page appears.

   • If you have to activate a vSRX or SRX4X00 Services Gateway devices:

     1. Select Resources > Site Management.

        The Sites page appears.

     2. Click on the site that you want to activate.

        The Site-Name page appears.

     3. On the Devices tab, select the device that you want to activate and click Stage1 Config.

        A new page appears displaying the stage-1 configuration of the device.

     4. Click Copy to Clipboard to copy the stage-1 configuration of the device.

     5. Log in to the CLI of the device and enter the configuration mode.

     6. Paste the stage-1 configuration and commit.

   The Phone-Home client or the Redirect Server authenticates the device and establishes a communication between the device and CSO.

   After the device activation is complete, CSO applies the stage-1 configuration. The status of the device is changed from Expected to Active, which indicates the device is authenticated but not yet operational.

3. After authenticating the device, CSO automatically triggers a job to push the provisioning and stage-2 (optional) configurations.

   You can use the Activation Logs page (Resources > Tenant Devices > More >Activation Logs) to view bootstrap logs (stage-1 configuration and device activation) and ZTP logs (provisioning and stage-2 configurations) and their status.

   After the job is completed successfully:

   • The provisioning configuration and stage-2 configuration (optional) are applied.

   • The device state changes from Active to Provisioned, which indicates that the device is fully functional.

The newly-added device is provisioned and is onboarded to the network. You can apply SD-WAN and security policies, if applicable.

Related Documentation

• Zero Touch Provisioning Overview