Recommendations
- Design for a hub-and-spoke topology from day one. It’s the most scalable topology with the fewest connectivity issues.
- Hubs that need to be reachable through broadband connections, LTE, or other Internet services must have static and public IP addresses (directly or indirectly assigned).
- Consider local breakout at the spoke for all services that are reachable on the Internet. Do not burden your VPN with that traffic.
- Check local regulations: they must not filter or restrict communication on destination port 1280 UDP towards the hub. This port is the minimum needed to set up the secure vector routing between spokes and hubs.
- Avoid creating too many versions of your templates to account for small changes. Instead, make use of site variables to change settings.
- It’s recommended to use the first interface of a Session Smart Router (ge-0/0/0) to obtain an IP address through a DHCP lease, so that the device can then contact the Juniper Mist cloud through the Internet for device management. This helps simplify the ZTP and onboarding process. Static interface configurations can then follow, if needed.
- If you change the name of a hub profile after deployment, you also need to edit the WAN Interface configuration on your spoke templates. This is because the names of the VPN endpoints that are needed to establish the VPN change as well.