Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

Adding a Site Template

You can add a site template for an on-premise spoke site. A site template can be added with one WAN capability (SD-WAN or Next Gen Firewall), LAN capability, or both WAN and LAN capabilities.

Procedure

To add a site template:

  1. Select Resources > Templates > Site Templates.

    The Site Templates page appears.

  2. Click the + icon.

    The Add Site Template page appears.

  3. Complete the configuration according to the guidelines in Table 98.

    The fields that are displayed in the Add Site Template page are based on the LAN and WAN capabilities that you choose. The last column of Table 98 indicates the capabilities for which a field is applicable.

    Note Fields marked with * are mandatory.

  4. Click OK.

The site template is added and listed in the Site Templates page. You can use the site template to add multiple on-premise spoke sites.

Table 98: Fields on the Add Site Template Page

Field

Description

Applicable To

General Tab

Template Name

Specify a unique name for the site template that can contain alphanumeric characters and hyphens (-); the maximum length is 32 characters.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Description

Enter a description for the site template; the maximum length is 512 characters.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Site Information

Site Group

Select a site group to which you want to assign the template. Example: sdwan-spoke

  • SD-WAN

  • Next Gen Firewall

  • LAN

Site Capabilities

WAN Capabilities

Select one of the following WAN capabilities to include LAN capabilities for the site template:

  • SD-WAN

  • Next Gen Firewall

Note:

  • You must select at least one WAN capability or a LAN capability.

  • The WAN capabilities that are displayed here are filtered based on the service type that are assigned to the tenant.

  • SD-WAN

  • Next Gen Firewall

LAN Capabilities

Select LAN to include LAN capabilities for the site template.

LAN

Configuration

Primary Provider Hub

Select the provide hub site (or primary provider hub site in case of multihoming) to which the spoke site must connect.

SD-WAN

Secondary Provider Hub

Select the secondary provider hub site to which this site must connect.

This site connects to the secondary provider hub site when the primary provider hub is down.

SD-WAN

Primary Enterprise Hub

Select the primary enterprise hub with which you want to connect the spoke site. If you specify a enterprise hub, then the initial site-to-site traffic as well as the central breakout (backhaul) traffic (if applicable) is sent through the enterprise hub instead of the hub site.

SD-WAN

Secondary Enterprise Hub

Select the secondary enterprise hub for this spoke site.

The spoke site connects with secondary enterprise hub when the primary enterprise hub is down.

SD-WAN

Create Threshold

Enter the maximum number of sessions closed between the connected sites in a duration of two minutes at which full mesh is created between the two sites.

The default value is 5.

For example, if you specify the number of sessions as 5, dynamic mesh tunnels are created if the number of sessions closed between two spoke sites in 2 minutes exceeds 5.

SD-WAN

Delete Threshold

Enter the number of sessions closed between the connected sites in a duration of 15 minutes below which full mesh is deleted between the two sites.

The default value is 2.

For example, if you specify the number of sessions closed as 2, dynamic mesh tunnels are deleted if the number of sessions closed is lesser than or equal to 2.

SD-WAN

Address and Contact Information

Street Address

Enter the street address of the site.

  • SD-WAN

  • Next Gen Firewall

  • LAN

City

Enter the city where the site is located.

  • SD-WAN

  • Next Gen Firewall

  • LAN

State/Province

Select the state or province where the site is located.

  • SD-WAN

  • Next Gen Firewall

  • LAN

ZIP/Postal Code

Enter the postal code for the site.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Country

Select the country where the site is located. Click the Validate button to verify the address. The site address verification successful message is displayed if the address is correct. You can click the View location on a map link to see the address location.

If you enter the wrong address and click the Validate button to verify the address, the Site address could not be validated message is displayed .

  • SD-WAN

  • Next Gen Firewall

  • LAN

Contact Name

Enter the name of the contact person at the site.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Email

Enter the e-mail address of the contact person at the site.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Phone

Enter the phone number for the site.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Advanced Configuration

Domain Name Server (DNS)

Specify one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type the address, press Enter, and then type the next address, and so on..

DNS servers are used to resolve hostnames into IP addresses.

  • SD-WAN

  • Next Gen Firewall

  • LAN

NTP Server

Specify the fully qualified domain names (FQDNs) or IP addresses of one or more NTP servers.

Example: ntp.example.net

The site must have DNS reachability to resolve the FQDN during site configuration.

  • SD-WAN

  • Next Gen Firewall

  • LAN

Select Timezone

Select the time zone in which the site is located from the drop-down list.

  • SD-WAN

  • Next Gen Firewall

  • LAN

WAN Tab

Device Template

Device Series

Select the device series to which the CPE belongs (SRX, NFX150, or NFX250) and select a device template for the selected device series.

The device template contains information for configuring a device.

  • SD-WAN

Device Model

For NFX150 devices, select a device model from the list. Device models are listed based on the connection plan that you select.

  • SD-WAN

Auto Activate

Click the toggle button to enable or disable automatic activation of the CPE when the CPE is detected by CSO ( management status of the device is Device_Detected).

When you enable this field, zero-touch provisioning of the device is automatically triggered after the site with the CPE is added to CSO.

  • SD-WAN

  • Next Gen Firewall

Pre Staged

Click the toggle button to use the preconfigured settings for the firewall device. The preconfigured settings are as follows:

  • Device Template—NGSRXZTP

  • In-band Management Port—ge-0/0/0 port

  • Firewall Policies—Factory_Default_Fw_Policy

  • NAT Policies—Factory_Default_NAT_Policy

Next Gen Firewall

Boot Image

Select the boot image from the drop-down list if you want to upgrade the image for the CPE device.

The boot image is the latest build image uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process.

If the boot image is not provided, then the device skips the procedure to upgrade the device image. The boot image (NFX or SRX) is populated based on the device template that you have selected while adding a site. See Uploading a Device Image.

  • SD-WAN

  • Next Gen Firewall

In-band Management Port

Select the port that you want to configure as management interface and connect it to the management device. You can configure any of the ge-0/0/x ports, where x ranges from 0 to 14, as in-band management interfaces.

Next Gen Firewall

Firewall Policies

Select the firewall policy that you want to deploy. The firewall policy list is populated from the Configuration > Firewall > Firewall Policy page.

  • SD-WAN

  • Next Gen Firewall

NAT Policies

Select the NAT policy that you want to deploy to the standalone firewall site. The NAT policy list is populated from the Configuration > NAT > NAT Policies page.

  • SD-WAN

  • Next Gen Firewall

WAN 0

Click the toggle button to enable or disable this WAN link. By default, the WAN_0 link is enabled.

When you enable a WAN link, fields related to the WAN link appear. Fields marked with an asterisk (*) must be configured to proceed.

  • SD-WAN

Link Type

Select the underlay network type (MPLS or Internet) of the WAN link that is connected to the on-premise spoke site.

  • SD-WAN

Egress Bandwidth

Enter the maximum bandwidth (in mega bits per second [Mbps]) to be allowed for the WAN link. Range: 1 through 10,000

SD-WAN

Address Assignment

Select the method for IP address assignment. The options available are:

  • DHCP—Select DHCP to assign IP address by using a DHCP server.

  • STATIC—Select STATIC to assign a static IP address.

SD-WAN

Advanced Settings

Provider

Enter the name of the service provider who is responsible for providing the WAN link.

SD-WAN

Cost/Month

Enter the cost per month (in the specified currency) of the subscribed bandwidth.

Range: 1 through 10,000

SD-WAN

Enable Local Breakout

Click the toggle button to enable local breakout on the WAN link. By default, local breakout is disabled.

SD-WAN

Use For Fullmesh

Click the toggle button to specify that the WAN link is part of a fullmesh topology.

SD-WAN

Connects To Hubs

Click the toggle button to specify that the WAN link of the site connects to a hub.

Note:

  • For sites with a single CPE, you must enable at least one WAN link to connect to the hub so that OAM traffic can be transmitted.

  • For sites with a dual CPE, you must enable at least one WAN link per device to connect to the hub so that OAM traffic can be transmitted.

SD-WAN

Backup Link

Select a backup link through which traffic can be routed when the primary (other) links are unavailable.

SD-WAN

Default Link

Select one or more links to be used for routing traffic in the absence of matching SD-WAN policy intents.

SD-WAN

Data VLAN Id

Enter the VLAN ID that is associated with the data link. A data VLAN identifier is an integer.

Range: 0 through 65,535

SD-WAN

   

WAN 1

Click the toggle button to enable or disable this WAN link. By default, the WAN 1 link is disabled.

Refer to the fields described for WAN 0 for an explanation of the fields.

  • SD-WAN

WAN 2

Click the toggle button to enable or disable this WAN link. By default, the WAN 2 link is disabled.

Refer to the fields described for WAN 0 for an explanation of the fields

SD-WAN

WAN 3

Click the toggle button to enable or disable this WAN link. By default, the WAN 3 link is disabled.

Refer to the fields described for WAN 0 for an explanation of the fields

SD-WAN

Additional Configuration

Configuration Templates List

Select one or more configuration templates from the list. This list is filtered based on the device that you select.

Configuration templates are stage-2 templates that are added by your OpCo administrators or SP administrators or Tenant administrators.

Note: You must set the parameters of the configuration templates that you have selected before you move to the LAN section.

Procedure

To set the parameters for the selected configuration templates:

  1. After you select one or more configuration templates, click Set Parameters.

    The Device Configurations page appears. This page consists of two tabs—Configure and Summary.

  2. In the Configure tab, enter values for the parameters in each configuration templates.

    (Optional) View the CLI commands in the Summary tab.

  3. Click OK.

    You have added and set the parameters for the configuration templates that are part of the site template that you are creating.

  • SD-WAN

  • LAN

  • Next Gen Firewall

LAN Tab

Switch Devices

Displays the list of switches that you have added to the site.

  • To add a switch, click the + icon on the top, right corner of the Switch Devices table. The Add New Switch page appears. You can add multiple switches only to an SD-LAN site.

    See Fields on the Add New Switch page in the Add an On-Premise Spoke Site with LAN Capability topic for details.

    Note: You cannot specify the serial numbers of member devices (for a Virtual Chassis) when creating a site template. You can specify the serial numbers when you use this template to create an on-premise spoke site.

  • To edit details of a switch, select the switch and click the Edit icon on the top right corner of the Switch Devices table. The Edit Switch Details page appears, displaying the same parameters that you configured while adding a switch.

    Modify the parameters as needed and Click OK. The changes that you made for the switch are saved and the updated parameters appear on the Switch Devices table.

  • To delete one or more switches, select the switches and click the Delete icon on the top right corner of the Switch Devices table.

  • To manage the configuration of one or more switches added to the site, select the switches from the list and click Configuration.

    The Switch Configuration page appears. See Table 100 for details.

LAN

LAN Segments

Displays the VLANs and their IDs that you configure on the switch.

  • Optional: To add a VLAN, click the + icon on the top, right corner of the LAN Segments table. The Create LAN Segment page appears. See Table 99 to complete the configuration.

  • To edit details of a VLAN, select the VLAN and click the Edit icon (pencil) on the top right corner of the LAN Segments table. The Edit LAN Segment page appears, displaying the same fields that are presented when you add a VLAN.

    Modify the parameters as needed and click OK. The changes that you made for the LAN segment are saved and the updated parameters appear on the LAN Segments table.

  • To delete one or more VLANs, select the VLANs and click the Delete icon) on the top right corner of the LAN Segments table.

LAN

Table 99: Fields on the Create LAN Segment Page

Field

Description

Create LAN Segment

Name

Enter a name for the LAN segment.

The name for a LAN segment should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length is 15 characters.

VLAN ID

Enter the VLAN ID for the LAN segment.

Range: 2 through 4093.

Department

Select a department to which the LAN segment is to be assigned.

Alternatively, click the Create Department link to create a new department and assign the LAN segment to it. See Adding a Department for details.

You group LAN segments as departments for ease of management and for applying policies at the department-level.

Gateway Address/Mask

Enter a valid gateway IP address and mask for the LAN segment; for example, 192.0.2.8/24.

DHCP

For directly connected LAN segments, click the toggle button to enable DHCP. DHCP is disabled by default.

You enable DHCP if you want to assign IP addresses by using a DHCP server. You disable DHCP if you want to assign a static IP address to the LAN segment.

CPE Ports

Click the toggle button to include or exclude the CPE in the LAN segment. When you include the CPE in the LAN segment:

  • CPE ports that you can include in the LAN segment are listed.

    Select the ports from the Available column and click the right-arrow to move the ports to the Selected column.

Table 100 describes the tabs on the Switch Configuration page.

The Access Profiles tab and Port Profiles tab are available only if you have added a physical switch or a preprovisioned Virtual Chassis, and the selected switches are of the same device type and model. If you have added an autoprovisioned Virtual Chassis, only the Configuration Templates tab is available. The Port Profiles tab is unavailable because, in the case of autoprovisioning, port profiles can be configured only after provisioning the Virtual Chassis. The Access Profiles tab is unavailable because the access profile requires a RADIUS authentication server to be added to it. The parameters related to communication between the RADIUS server and the supplicant are defined in the authentication profile , which is, in turn, referenced by the port profile.

Table 100: Tabs on the Switch Configuration page

Tab

Description

Access Profiles

Displays the list of access profiles available in CSO. The list is populated from the Access Profiles page (Configuration > SD-LAN > Access Profiles).

You can also click the Search icon to search for a specific access profile in the list.

For details of the fields displayed on the Access Profiles table, see About the Access Profiles Page.

Optional: You can select an access profile from the list to assign it to the switch.

Port Profiles

Displays the list of interfaces (ports) available in CSO.

You can also click the Search icon to search for a specific port in the list.

Optional: To assign port profiles and VLAN IDs to the ports:

Procedure

  1. Select one or more ports and click Edit Configuration on the top right corner, above the Interface List table.

    The Edit Port Configuration page appears.

  2. From the Port Profile list, select a port profile to be assigned to the port.

    Note: The port profile must already be created from the Port Profiles page (Configuration > SD-LAN > Port Profiles) for it to be listed here.

  3. In the VLAN field, if the port is configured as a trunk port in the port profile, assign multiple VLANs by selecting the VLANs in the Available column and clicking the right-arrow to move them to the Selected column.

    If the port is configured as an access port in the port profile, you can assign only one VLAN.

  4. From the Native VLAN list, select a VLAN that you want to configure as native. This option appears only if you select a Trunk port profile from the Port Profile list.
  5. Click OK to complete the configuration. You are returned to the Add On-Premise Spoke Site page.

Configuration Templates

Displays the list of configuration templates. This list is filtered based on the device that you select.

Configuration templates are predefined stage-2 templates that are added by your OpCo administrators or SP administrators.

Procedure

To add configuration templates and set the parameters for the selected configuration templates:

  1. After you select one or more configuration templates, click Set Parameters.

    The Device Configurations page appears. This page consists of two tabs—Configure and Summary.

  2. In the Configure tab, enter values for the parameters in each configuration templates.
  3. (Optional) View the CLI commands in the Summary tab.
  4. Click OK.

    You have added and set the parameters for the configuration templates.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit