Add an Enterprise Hub Site for SD-WAN Deployments
An enterprise hub is an SD-WAN site that is used to carry site-to-site traffic between on-premise spoke sites and to break out backhaul (central breakout) traffic from on-premise spoke sites.
To add an enterprise hub:
- On the Sites page (Resources > Site Management) of the CSO portal, click Add, and select Enterprise
The Add enterprise hub for Tenant-Name page appears.
- Complete the configuration settings according to the guidelines provided in Table 1.
- Click OK.
When the site is successfully created, the Site Status on the Sites page changes to Provisioned.
If you did not enter serial number while creating the enterprise hub site, you must manually enter the serial number after adding the enterprise hub site, in order to activate the site. See Add Enterprise Hubs with SD-WAN Capability for more information.
Table 1: Enterprise Hub Site Settings
Enter a unique name for the site. You can use alphanumeric characters and hyphen (-); the maximum length is 32 characters.
SD-WAN capability is selected by default. You cannot clear the selection.
Select the device series to which the CPE device belongs—SRX, NFX150, or NFX250.
Select a device template for the selected device series.
The device template contains information for configuring a device.
Enter the serial number of the CPE device.
You can also add the enterprise hub site but activate the site later. If you do not enter the serial number of the CPE device when creating the enterprise hub site, you must enter it while activating the site, using the Activate Site link.
See Add Enterprise Hubs with SD-WAN Capability for more information.
If the selected device template supports auto authorization, Auto Activate is enabled. When Auto Activate is enabled, zero-touch provisioning of the device is automatically triggered when the site is added.
The Activation Code field appears if the selected device template does not support auto authorization or if you disable the Auto Activate option.
In such cases, specify the activation code of the device to manually activate a device. For information about manually activating a device, see Activate a Device.
Enter the IPv4 prefix to be used for the management network. This IP address must be unique across the entire management network.
This field is enabled by default.
You can configure up to 4 WAN links as required.
Select whether the link would be an MPLS link or Internet link.
Note: If the enterprise hub and the SD-WAN branch site are not in the same network, that is if these devices are not directly reachable, select one link as Internet and assign a public IP to the Internet-type link.
Enter the maximum bandwidth, in Mbps, allowed on the WAN link.
Range: 1 through 10,000.
Select the method of assigning an IP address to the WAN link—DHCP or STATIC.
If you select STATIC, you must provide the IP address prefix and the gateway address for the WAN link.
Static IP Prefix
If you configured the address assignment method as STATIC, enter the IP address prefix of the WAN link.
Note: If the enterprise hub and the SD-WAN branch site are not in the same network, assign a public IP to the Internet-type link
Gateway IP Address
If you configured the address assignment method as STATIC, enter the IP address of the gateway of the WAN service provider.
Use For Fullmesh
Click the toggle button to specify whether the WAN link can be a part of a full mesh topology.
A site can have a maximum of three links enabled for meshing.
Add LAN Segment
Enter a name for the LAN segment.
The name for a LAN segment should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length is 15 characters.
Select the type of LAN segment:
Select a department to which the LAN segment is to be assigned.
Alternatively, click the Create Department link to create a new department and assign the LAN segment to it. See Add a Department for details.
You group LAN segments as departments for ease of management and for applying policies at the department-level. For LAN segments that are dynamically routed, you can assign only a data center department.
Enter a valid gateway IP address and mask for the LAN segment; for example, 192.0.2.8/24.
Select the ports from the Available column and click the right-arrow to move the ports to the Selected column.