Create a Site | SD Cloud | Juniper Networks

Select Secure Edge>Service Management>Sites.

The Sites page appears.

Click the add icon (+).

The Create Site page opens.

Configure the fields on the Site Details tab according to the guidelines in Table 1.

Note:

Fields in the Secure Edge UI marked with an asterisk (*) are mandatory.

Table 1: Site Details Settings
Setting	Guideline
Service Locations
Service location A	Select the first service location A from the list to which your on-premises sites should connect.
Service location B	Select the second service location B from the list to which your on-premises sites should connect.
Number of Users	Enter the number of users at the site.
Site Details
Name	Enter a unique string for the site name containing maximum 63 alphanumeric characters. The name can contain dashes and underscores.
Description	Enter a description containing maximum 255 characters for the site.
Country	Select the country where the site is located.
Postal code	Enter the postal code of the site.
Site address	Enter the location address of the site.
External probe	Enable this option for a site to allow CPE to check tunnel health status by sending ICMP packets to the probe destination. For more information on the probe destination, see About the External Probe Page.
Protected networks	Click the add icon (+) to enter the IP address ranges at the site that should have access to Secure Edge.

Click Next.

The Traffic Forwarding page appears.

Click + to add CPE and interfaces or click on the pencil icon to edit the existing traffic forwarding configuration.

Configure the fields on the Traffic Forwarding page according to the guidelines in Table 2.

Table 2: Traffic Forwarding Settings
Setting	Guideline
Add CPE and Interfaces.
CPE Name	Enter the CPE device name for the site. To configure the interfaces: Click + and enter the following details: Interface Name—Enter interface name. Tunnel Type—Select the type of tunnel as either IPsec or GRE to forward the traffic. IP Address Type—Enter the device IP address. This option is enabled only when you select the IPsec IP address type as Static IP address, or when you select the type of tunnel as GRE. IKE ID—Enter the Internet Key Exchange (IKE) ID (domain name) for the site. This option is enabled only when you select the type of IP address as Dynamic IP address. External Interface—Enter the external interface name. An external interface is the method by which you connect your device to the Internet/network. The default value is ge-0/0/0.0. Click the tick icon on the right-side of the row once done with the configuration or click X to cancel.
IPsec Profile Name	Select the IPsec profile from the list. To create a new IPsec profile, click Create New. For information on the IPsec profile field options, see Create an IPsec Profile. Note: This option is enabled only when you select tunnel type as IPsec.
Pre-shared key	Enter the pre-shared key to authenticate the remote access user. The key should be minimum 6 characters long with at least one lower case, one upper case, one number and one special character. Note: This option is enabled only when you select tunnel type as IPsec.

Click OK and then click Close.

Click Next.

The CPE Configuration page appears.

Note:

When you enable Skip CPE Configuration, the CPE routing configuration is not generated. When you expand the site name and then click View under Tunnel Configurations, Junos CLI tab shows no configuration.

Enable Skip CPE Configuration when configuring a CPE device using Mist, when configuring a Juniper SSR SD-WAN device, or when configuring a third-party CPE device.

Disable Skip CPE Configuration when configuring a Junos CPE device using the CLI editor to allow Secure Edge to generate a proposed Junos CLI tunnel configuration. Copy and paste this configuration into the Junos CPE device's CLI editor.

Configure the fields on the CPE Configuration page according to the guidelines in Table 3.

Table 3: Traffic Forwarding Configuration Settings on the CPE Configuration Page
Setting	Guideline
CPE Name	Displays the CPE device name of the site. Note: To edit this option, click Back at the top-right corner and edit the configuration in Traffic Forwarding page.
Interfaces	Displays the number of external interfaces configured. Hover over the number to view the interface details. The default value is ge-0/0/0.0. Note: To edit this option, click Back at the top-right corner and edit the configuration in Traffic Forwarding page.
IPsec Profile Name	Displays the IPsec profile name that you have selected while configuring the Traffic Forwarding. Note: To edit this option, click Back at the top-right corner and edit the configuration in Traffic Forwarding page.
Pre-shared Key	Displays the pre-shared key that you have entered while configuring the Traffic Forwarding. Note: To edit this option, click Back at the top-right corner and edit the configuration in Traffic Forwarding page.

When Skip CPE Configuration is disabled, you can configure the following options (optional):

Select the CPE and click the pencil icon on the right-side of the row.

Configure the CPE routing configuration fields on the CPE Configuration page according to the guidelines in Table 4

Table 4: CPE Configuration Settings
Setting	Guideline
Primary SL	Select the Service Location from the list that primarily process the traffic sent from Site CPE device to Secure Edge. If the primary Service Location fails, the other service location becomes the secondary and process the traffic from the Site CPE device to Secure Edge. The default service location is Service Location A.
Tunnel seed	Enter the tunnel seed number between 1 and 1000. This seed number determines Junos OS CLI tunnel interface identifiers. For example, the first tunnel interface is assigned the designator SEED+1 and the second tunnel interface is assigned the designator SEED+2. The default value is 1.
Tunnel Security Zone	Enter the type of zone for tunnel security. The default zone is trust.
External Interface Zone	Enter the type of zone for external interface. The default zone is untrust.
Tunnel Routing-Instance	Enter the routing instance that contains the tunnel destination address. Your configuration may not have a routing-instance. If so, leave this field blank.

Scroll-down and click the tick icon on the right-side of the row once the configuration is complete.

Click Next.

The summary tab with the details entered in Site Details tab, Traffic Forwarding tab and CPE Configuration opens.

Review the summary and click Finish to complete Site creation.

The Sites page opens with a message that the operation is in progress and then successful.

The new site is added to Juniper Secure Edge.

Note:

If you see Failed in the Deploy Status column, recheck your service location configurations.
If you want to undeploy the created site or any existing deployed sites, select the site and click Undeploy at the top-right corner of the page.

Click the arrow before the site name to view the CPE and tunnel configuration details.

Click View in the Tunnel Configurations column.

The View Tunnel Configurations page appears showing the tunnel configuration commands and the configuration summary.

Click Copy to Clipboard in the Junos CLI tab or follow the configuration in the Configuration Summary tabs accordingly and paste it to the device to configure tunnels.

After configuring the tunnels successfully, expand the site name and then click View under Tunnel Configurations to view the following operational status:

Green tick icon indicates the number of tunnels that are configured successfully in Juniper Secure Edge.
Red x icon indicates the number of tunnels that are inactive between the CPE device and Juniper Secure Edge.

You can also view the tunnel status at Monitor > Tunnel Status > Site Tunnel Status. For more information, see About the Site Tunnel Status Page.