Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Supported Devices for SD-WAN, and Ports and Protocols to Open

 

For the SD-WAN devices supported by CSO, and list of ports or protocols that must be opened for the devices, see:

  • Table 1 for enterprise hub and SD-WAN on-premise spoke devices.

  • Table 2 for provider hub devices.

Note

During the site activation process for SRX4100, SRX4200, and vSRX 3.0, you must copy the stage-1 configuration (generated automatically by CSO) to the device, and commit the configuration on the device.

Before you add a provider hub device, enterprise hub site, or an SD-WAN on-premise spoke site:

  • Connect cables to the device according to your network design, and power on the device.

    • For enterprise hubs and SD-WAN on-premise spoke devices, see the hardware documentation links in Table 1.

      Note

      We assume that the SD-WAN on-premise spoke devices will obtain the DHCP IP address (if DHCP is configured as the address assignment method) and will have Internet connectivity along with DNS resolution, when connected according to the network design.

    • For provider hub devices, see the hardware documentation links in Table 2

  • For enterprise hubs and SD-WAN on-premise spoke devices, ensure that the NAT and firewall ports and protocols listed in Table 1 are open on the network.

  • For provider hubs, ensure that the ports and protocols listed in Table 2 are open on the network.

  • Ensure that the devices are running the recommended version of Junos OS for the CSO release that you are using. For up-to-date information about the supported Junos OS versions in a CSO release, refer to the CSO Release Notes for that release (available at the CSO Documentation page).

  • Before you initiate ZTP for the enterprise hub, ensure that the hub device can connect to CSO.

Table 1: Supported Enterprise Hub and SD-WAN On-Premise Spoke Devices, and NAT and Firewall Ports to Open

Device Model

Supported Site Type

NAT and Firewall Protocols or Ports

WAN Link Ports

Hardware Documentation Links

NFX150

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 8060

heth-0-0

heth-0-5

heth-0-2

heth-0-3

NFX150 Chassis

NFX250

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 7804

TCP Port 8060

ge-0/0/10

ge-0/0/11

xe-0/0/12

xe-0/0/13

NFX250 Chassis

SRX300

SRX320

SRX340

SRX345

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 8060

ge-0/0/0

ge-0/0/1

ge-0/0/2

ge-0/0/3

SRX300 Chassis

SRX320 Chassis

SRX340 Chassis

SRX345 Chassis

SRX550M

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 8060

ge-0/0/0

ge-0/0/1

ge-0/0/2

ge-0/0/3

SRX550 HM Chassis

SRX1500

Enterprise hub

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 8060

ge-0/0/7

ge-0/0/8

xe-0/0/18

xe-0/0/19

SRX1500 Chassis

SRX4100

SRX4200

Enterprise hub

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

TCP Port 500

UDP Port 4500

TCP Port 8060

xe-0/0/0

xe-0/0/1

xe-0/0/2

xe-0/0/3

SRX4100 Chassis

SRX4200 Chassis

vSRX

Enterprise hub

On-premise (SD-WAN) spoke

IP Protocol 50

IP Protocol 51

TCP Port 443

UDP Port 500

UDP Port 4500

TCP Port 8060

ge-0/0/0

ge-0/0/1

ge-0/0/2

ge-0/0/3

vSRX Deployment Guides

Table 2: Provider Hub Devices Supported, and Ports and Protocols to Open

Device Model

Ports and Protocols

Hardware Documentation Links

SRX1500

IP Protocol 50

IP Protocol 51

TCP and UDP Ports 53 (for DNS)

UDP Port 123 (for NTP)

TCP Port 443

UDP Port 500

UDP Port 4500

SRX1500 Chassis

SRX4100

SRX4200

IP Protocol 50

IP Protocol 51

TCP and UDP Ports 53 (for DNS)

UDP Port 123 (for NTP)

TCP Port 443

UDP Port 500

UDP Port 4500

SRX4100 Chassis

SRX4200 Chassis

vSRX

IP Protocol 50

IP Protocol 51

TCP and UDP Ports 53 (for DNS)

UDP Port 123 (for NTP)

TCP Port 443

UDP Port 500

UDP Port 4500

vSRX Deployment Guides