
Create a Site

You can forward Internet-bound traffic from CPE devices that are located at a site to Juniper Secure Edge through GRE or IPsec tunnels. You can create the following types of tunnels:

  • GRE
  • IPsec: Static or Dynamic

  1. Select Secure Edge > Service Management > Sites.

    The Sites page is displayed.

  2. Click +.

    The Create Site page is displayed.

  3. Configure the fields on the Site Details tab according to the guidelines in Fields on the Site Details Tab.
    Table 1: Fields on the Site Details Tab

    Setting

    Guideline

    Service Locations
    Service location A

    From the list, select the first service location (A) to which your on-premises sites should connect.

    Service location B

    From the list, select the second service location (B) to which your on-premises sites should connect.

    Number of Users

    Enter the number of users at the site.

    Site Details

    Name

    Enter a name for the site, using a maximum of 63 alphanumeric characters.

    The name can contain dashes (-) and underscores (_).

    Description

    Enter a description for the site, using a maximum of 255 characters.

    Country

    Select the country where the site is located.

    Postal code

    Enter the postal code of the site.

    Site address

    Enter the location address of the site.

    Protected networks

    Select one of the following options to add IP address ranges or address groups at the site that should have access to Juniper Secure Edge:

    • Add protected networks—Enter the IP address ranges, or click + to add new IP addresses that should have access to Juniper Secure Edge.

    • Add protected networks using address groups—Select the IP address ranges using address groups, or click Create New to add new address groups that should have access to Juniper Secure Edge.

  4. Click Next.

    The Traffic Forwarding tab is displayed.

  5. Click + to add CPE and interfaces.
    The Add CPE and Interfaces page is displayed.
  6. Configure the fields on the Add CPE and Interfaces page according to the guidelines in Fields on the Add CPE and Interfaces Page.
    Table 2: Fields on the Add CPE and Interfaces Page
    Field

    Guideline

    CPE Name

    Enter the CPE device name for the site.

    To configure the interfaces:

    1. Click +, and enter the following details:

      1. Interface Name—Enter a name for the interface.

      2. Tunnel Type—Select GRE or IPsec as the tunnel type to forward the traffic.

      3. IP Address Type—Select the IP address type. If you select Static IP address, you must also enter the device IP address. This option is available only when you select Static IP address or when you select GRE as the tunnel type.

      4. IKE ID—Enter the IKE ID for the site. This option is available only when you select Dynamic IP address as the IP address type.

      5. External Interface—Enter the external interface name. The external interface is the interface that connects your device to the Internet or network. The default value is ge-0/0/0.0.

    2. Click to save the configuration.

    IPsec Profile Name

    Select the IPsec profile from the list. To create an IPsec profile, click Create New.

    This option is available only when you select IPsec as the tunnel type.

    For information about the IPsec profile field options, see Create an IPsec Profile.

    Pre-shared key

    Enter a pre-shared key of at least six characters to authenticate the remote access user. The key must contain a lowercase letter, an uppercase letter, a number, and a special character.

    This option is available only when you select IPsec as the tunnel type.

  7. Click OK, then click Close.
  8. Click Next.
    The CPE Configuration tab is displayed.
  9. Choose whether to skip the CPE configuration.
    • Enable Skip CPE Configuration when configuring a CPE device using Mist, a Juniper Session Smart Router in Juniper's SD-WAN solution, or a third-party CPE device.

      When you enable Skip CPE Configuration, the CPE routing configuration is not generated. When you expand the site name, and click View under Tunnel Configurations, the Junos CLI tab shows no configuration.

    • Disable Skip CPE Configuration when configuring a Junos CPE device using the CLI editor to allow Juniper Secure Edge to generate a proposed Junos CLI tunnel configuration. Copy and paste this configuration into the Junos CPE device's CLI editor.

    To edit Traffic Forwarding Configuration settings, click Back at the top-right corner, and edit the configuration on the Traffic Forwarding tab.

  10. Optional: When Skip CPE Configuration is disabled, you can configure the following options:
    1. Select the CPE, and click .
    2. Configure the CPE routing configuration fields on the CPE Configuration tab according to the guidelines in Fields on the CPE Configuration Page.
      Table 3: Fields on the CPE Configuration Tab
      Setting

      Guideline

      Primary Service Location

      From the list, select the service location that primarily processes the traffic sent from the site CPE device to Juniper Secure Edge.

      If the primary Service Location fails, the other service location becomes the secondary location and processes the traffic from the Site CPE device to Juniper Secure Edge.

      The default location is Service Location A.

      Tunnel seed

      Enter a tunnel seed number between 1 and 1000. This seed number determines Junos OS CLI tunnel interface identifiers.

      For example, the first tunnel interface is assigned the SEED+1 designator and the second tunnel interface is assigned the SEED+2 designator.

      The default value is 1.

      Tunnel Security Zone

      Enter the zone type for the tunnel security—trust or untrust. The default zone is trust.

      External Interface Zone

      Enter the zone type for the external interface—trust or untrust. The default zone is untrust.

      Tunnel Routing-Instance

      Enter the routing instance that contains the tunnel destination address. If your configuration does not have a routing instance, leave this field blank.

    3. Click to save the configuration.
  11. Click Next.

    The summary tab with the details entered in the Site Details tab, the Traffic Forwarding tab, and the CPE Configuration tab is displayed.

  12. Review the summary, and click Finish to complete the site creation.

    The Sites page is displayed with a message that the operation is in progress and then successful.

    • If you see Failed in the Deploy Status column, check your service location configurations.

    • If you want to undeploy the created site or any existing deployed sites, select the site, and click Undeploy on the top-right corner.

The new site is added to Juniper Secure Edge.

  • Expand a site row to view the CPE and tunnel configuration details.

    • A green indicates the number of successfully configured tunnels in Juniper Secure Edge.

    • A red X indicates the number of inactive tunnels between a CPE device and Juniper Secure Edge.

  • Click View in the Tunnel Configurations column to view the tunnel configuration. Click Copy to Clipboard in the Junos CLI tab to copy the configuration and paste it into your device, or follow the configuration in the Configuration Summary tab to configure tunnels.

    You can also view the tunnel status at Monitor > Tunnel Status > Site Tunnel Status.
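
A pre-flight check for the values this procedure asks for, as an added Python example (not Juniper's code and not part of the original page): it checks the site name, description, tunnel seed and pre-shared key against the limits in Tables 1 to 3, and generates a pre-shared key from the operating system's CSPRNG instead of a hand-typed one. The dict layout, the `SPECIALS` set, the 32-character key length, CIDR notation for protected networks and the overlap check are assumptions of this example, not rules stated on the page.

```python
import ipaddress
import re
import secrets
import string

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")  # Table 1: Name
SPECIALS = "!#$%&*+-=?@^_"  # assumption: the page does not list the accepted specials
PSK_LENGTH = 32             # assumption: well above the six-character minimum

def psk_problems(psk):
    """Return the Table 2 pre-shared key rules that psk breaks."""
    rules = [
        (len(psk) >= 6, "shorter than six characters"),
        (any(c in string.ascii_lowercase for c in psk), "no lowercase letter"),
        (any(c in string.ascii_uppercase for c in psk), "no uppercase letter"),
        (any(c in string.digits for c in psk), "no number"),
        (any(c in string.punctuation for c in psk), "no special character"),
    ]
    return [msg for ok, msg in rules if not ok]

def generate_psk():
    """Draw a key from the OS CSPRNG, retrying until every required class appears."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        psk = "".join(secrets.choice(alphabet) for _ in range(PSK_LENGTH))
        if not psk_problems(psk):
            return psk

def site_problems(site):
    """Check a site definition (hypothetical dict layout) against the field limits."""
    problems = [f"pre-shared key: {p}" for p in psk_problems(site["psk"])]
    if not NAME_RE.fullmatch(site["name"]):
        problems.append("name: must be 1-63 alphanumerics, dashes or underscores")
    if len(site["description"]) > 255:
        problems.append("description: longer than 255 characters")
    if not 1 <= site["tunnel_seed"] <= 1000:
        problems.append("tunnel seed: outside 1-1000")
    nets = []
    for text in site["protected_networks"]:
        try:  # assumption: ranges are written as CIDR prefixes
            nets.append(ipaddress.ip_network(text))
        except ValueError:
            problems.append(f"protected network {text}: not a valid prefix")
    for i, a in enumerate(nets):  # overlap check: added hygiene, not a rule from the page
        problems += [f"protected networks {a} and {b} overlap" for b in nets[i + 1:] if a.overlaps(b)]
    return problems

# Constructed sample input, not taken from the page.
SAMPLE_SITE = {"name": "branch_office-01", "description": "constructed sample", "tunnel_seed": 1,
               "psk": generate_psk(), "protected_networks": ["10.20.0.0/16", "192.168.50.0/24"]}
```

An empty list from `site_problems(SAMPLE_SITE)` means every value fits the documented limits; keep the generated key in a secrets store rather than in the site description or a ticket.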