Edit On-Premise Spoke and Enterprise Hub Site Parameters

Tenant administrator users can modify the parameters configured for an on-premise spoke site or an enterprise hub site from the Site Management page (Resources > Site Management).

Note You cannot edit cloud spoke sites.

Procedure

To edit the parameters configured for an on-premise spoke site or an enterprise hub site:

  1. Select Resources > Site Management.

    The Site Management page appears.

  2. Select the site whose parameters you want to modify and click the Edit icon (pencil).

    The Edit Site page appears, displaying the same fields that are presented when you add a site.

    Note You can edit the parameters of a site in any one of the following states:

    • Configuration-Failed

    • Partially-Provisioned

    • Provisioned

  3. Modify the site parameters as described in:

    For more information on each parameter, see Add an On-Premises Spoke Site with SD-WAN Capability.

  4. (Optional) Review the configuration in the Summary tab and modify the parameters, if required.
  5. Do one of the following:

    If you click Finish, an Edit Site job is triggered and a job link appears on the Site Management page.

    You can click the job link to view details of the job (including job status, start date and time, and end date and time). Alternatively, you can view the status of the job on the Jobs (Monitor > Jobs) page.

    After the Edit Site job is completes successfully, a confirmation message indicating that the site is updated, appears on top of the Site Management page.

Note The following operations take several minutes (greater than 15 minutes) based on the number of sites connected in the network:

Table 35: Editable fields for an on-premise spoke site and enterprise hub site

 

Editable Parameters

Site Type

Description

General

Note:

  • To edit the WAN parameters of an on-premise spoke site or an enterprise hub site, ensure that the site version is 5.3.0 or higher. If the site version is of an earlier release, you must upgrade the site. For more information, see Upgrading Sites.

  • For on-premise spoke site or an enterprise hub site with 5.2.0 or earlier site versions, only advanced configuration fields are editable. You can find the version of a site in the Version column on the Site Management page.

On-Demand VPN Threshold

Enterprise hub site

SD-WAN on-premise spoke site

Edit the number of sessions specified for the Threshold for Tunnel Creation or Threshold for Tunnel Deletion.

Address and Contact Information

Enterprise hub site

SD-WAN on-premise spoke site

Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number.

Advanced Configuration

Enterprise hub site

SD-WAN on-premise spoke site

Edit the Domain Name Server (DNS) IP address, Network Address Translation (NTP) Server IP address, or the selected Timezone.

WAN

You can do one of the following:

  • Edit the WAN parameters (specified below) of an existing WAN link.

  • Add a new WAN link by clicking the toggle button next to the WAN link name and specifying the WAN parameters.

  • Delete an existing WAN link by clicking the enabled toggle button next to the WAN link name.

Note: You cannot edit the device series (for example, NFX Series to SRX Series devices) as this change requires the site to be deleted and added again.

WAN Links

For each WAN link, you can edit the following properties:

Re-Deploy WAN Link

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to enable editing the WAN parameters of the partially deployed WAN link.

Link Type

Enterprise hub site

SD-WAN on-premise spoke site

Select MPLS or an Internet link.

Access Type

SD-WAN on-premise spoke site

You cannot edit the Access Type field because you cannot add the same WAN link with different access types as it depends on the slots configured on the device. If needed, you can delete the WAN link and add a new WAN link.

PPPoE/PPP

SD-WAN on-premise spoke site

Click the toggle button to enable or disable authenticated address assignment for the WAN link by using PPPoE (Point-to-Point Protocol over Ethernet) or PPP (Point-to-Point Protocol). If you’ve enabled this toggle button, in the PPPoE/PPP Settings section, you can modify the username, password, and the authentication protocol.

PPPoE works with Ethernet, ADSL, and VDSL access types while PPP works with the LTE access type.

Note: The PPPoE/PPP toggle button is not supported for Internet links with LTE access type.

Access Point Name (APN)

SD-WAN on-premise spoke site

Edit the access point name (APN), for the CPE device, which is specified by the service provider.

This field is displayed only if you’ve enabled the PPPoE/PPP toggle button for MPLS links with LTE as the access type. If you’ve disabled the PPPoE/PPP toggle button for these links, CSO uses the default APN settings.

Egress Bandwidth

Enterprise hub site

SD-WAN on-premise spoke site

Edit the maximum bandwidth (in Mbps) allowed for the WAN link.

Address Assignment

Enterprise hub site

SD-WAN on-premise spoke site

Select DHCP (Dynamic Host Control Protocol) or STATIC.

If you select STATIC as the method of assigning an IP address to the WAN link, you can also edit the Static IP Prefix and Gateway IP address of the device.

Note:

  • For enterprise hubs, you can select only the STATIC method for address assignment.

  • For SD-WAN on-premise spoke sites using Internet or MPLS links with LTE access type (and PPPoE/PPP disabled for MPLS links), you can select only the DHCP method for address assignment.

Public IP Address (Only for enterprise hub sites)

Enterprise hub site

Edit the public IPv4 address configured for the WAN link.

Advanced Settings

Provider

Enterprise hub site

SD-WAN on-premise spoke site

Edit the Internet Service Provider (ISP) name.

Cost/Month

Enterprise hub site

SD-WAN on-premise spoke site

Edit the cost of using the WAN link per month (range is 1 through 10000). You can select the currency of the cost from the adjacent list.

Enable Local Breakout

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to enable or disable the local breakout on the site.

If you enabled local breakout, you can:

  • Edit the Breakout Options to use the WAN link for both breakout and WAN traffic (default) or only for breakout traffic.

  • Click the Autocreate Source NAT Rule toggle button to enable or disable the automatic creation of source Network address translation (NAT) rules. If enabled, from the Translation list, you can edit the type of NAT to be used for the traffic (interface or pool). For pool-based NAT, you can edit one or more IP Addresses.

  • Click the BGP Underlay Options toggle button to enable or disable the BGP underlay routing. If enabled, you can edit Secondary Neighbor IP address, eBGP Peer-AS-Number, Local AS Number, Authentication for BGP route (none or MD5), whether you want to Advertise Public LAN Prefixes.

Use For Fullmesh

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to specify whether the WAN link can be a part of a full mesh topology. If enabled, you can edit:

  • Mesh overlay link type: If the link type is MPLS, select GRE-IPSEC or GRE as the mesh overlay link. If the link type is Internet, the value for mesh overlay link type is GRE_IPSEC.

  • Mesh tags: Select the associated mesh tags for on-demand tunnel creation.

    Note: For on-premise spoke sites, you can select only one mesh tag for each WAN link. For enterprise hubs, you can select one or more mesh tags for each WAN link.

Use for OAM Traffic

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to enable or disable sending the OAM traffic over the WAN link.

Connects to Hubs

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to specify whether or not the WAN link of the site connects to a hub. If enabled, you can edit:

  • Overlay Tunnel Type: If the link type is MPLS, select GRE-IPSEC or GRE as the overlay tunnel type. If the link type is Internet, the value for tunnel overlay link type is GRE_IPSEC.

  • Overlay Peer Interface: Modify the interface name of the hub device to which the WAN link of the site is connected.

Backup Link

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to enable or disable the backup link through which traffic can be routed when the primary link is unavailable.

Default Link

Enterprise hub site

SD-WAN on-premise spoke site

Click the toggle button to enable or disable the default link though which traffic can be routed when matching SD-WAN policy intents are unavailable.

Data VLAN ID

Enterprise hub site

SD-WAN on-premise spoke site

Edit the VLAN ID.

Range: 0 through 4049 (4050 to 4094 is reserved by CSO).

Table 36: Editable fields for on-premise spoke sites with NGFW capability

 

General

Address and Contact Information

Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number.

Advanced Configuration

Edit the Domain Name Server (DNS) IP address, Network Address Translation (NTP) Server IP address, or the selected Timezone.

Device Information

In-band Management Port

Edit the port configured as the management interface to connect to a management device. You can configure any of the ge-0/0/x ports (x ranging from 0 to 14) as in-band management interfaces.