CSO SD-WAN Deployment Workflow
CSO makes use of advanced features of the devices used in SD-WAN deployments. In order to use features such as link-switching based on application identification, or remote access IPsec VPNs on vSRX Series devices, you must purchase the required licenses. However, the underlay and overlay networks, and thus SD-WAN connectivity can be established without special licensing.
Ensure that the pre-deployment tasks related to SD-WAN are carried out before you follow the procedure outlined in this topic. See Pre-Deployment Tasks for CSO SD-WAN and Next-Generation Firewall.
The following tasks for configuring SD-WAN must be performed in the tenant scope in Customer Portal.
- :If you are a Tenant Administrator, log in to Customer Portal. If you are an SP Administrator (CSO on-premises) or OpCo Administrator (with appropriate permissions), switch scope to the tenant. See Switch Scope or Log in as Tenant Administrator.
- Although the following optional tasks can are available in Customer Portal, these tasks are typically not performed in the tenant scope:
- For SD-WAN, you can add one or more provider hub sites,
one or more enterprise hub sites, or a combination of provider hub
sites and enterprise hub sites:
You must add at least one hub site before you add an SD-WAN on-premise spoke site.
- If you added enterprise hub sites, perform post-processing tasks for the enterprise hub sites. See Post-Provisioning Tasks for Enterprise Hub and SD-WAN Spoke Sites.
- Add one or more SD-WAN on-premise spoke sites. See Add SD-WAN On-Premise Spoke Sites.
- Perform post-processing tasks for the SD-WAN on-premise spoke sites. See Post-Provisioning Tasks for Enterprise Hub and SD-WAN Spoke Sites.
- (Optional) Configure a cloud spoke site. See Adding Cloud Spoke Sites for SD-WAN Deployment and Provisioning a Cloud Spoke Site in AWS VPC in the CSO Administration Portal User Guide (available on the CSO Documentation page).
- Monitor SD-WAN sites and devices. See Monitor SD-WAN Sites and Devices.