- play_arrow Introduction
- play_arrow Customer Portal Overview
- About the Customer Portal User Guide
- Customer Portal Overview
- Accessing Customer Portal
- Personalize the Customer Portal
- Switching the Tenant Scope
- Setting Up Your Network with Customer Portal
- About the Customer Portal Dashboard
- Changing the Customer Portal Password
- Resetting the Password
- Changing the Password on First Login
- Set a New Password After Your Existing Password Expires
- Configuring Two-Factor Authentication
- Extending the User Login Session
- Resend Activation Link in Customer Portal
- View and Edit Tenant Settings
- play_arrow Users and Roles
- Role-Based Access Control Overview
- About the Users Page in Customer Portal
- Adding Tenant and OpCo Tenant Users
- Editing and Deleting Tenant and OpCo Tenant Users
- Resetting the Password for Tenant Users
- Roles Overview
- About the Tenant Roles Page
- Adding User-Defined Roles for Tenant Users
- Editing, Cloning, and Deleting User-Defined Roles for Tenant Users
- Access Privileges for Role Scopes (Tenant and Operating Company)
- play_arrow SD-WAN and NGFW Deployments
-
- play_arrow Managing Devices and Resources
- play_arrow Managing Authentication
- play_arrow Managing Devices
- Device Redundancy Support Overview
- Activate a Device
- Activating Dual CPE Devices (Device Redundancy)
- Viewing the History of Tenant Device Activation Logs
- Zero Touch Provisioning Overview
- Workflow for Onboarding a Device Using ZTP
- Configure an SRX Series CPE to Discover an EX Series Switch or AP Connected to the CPE
- play_arrow Managing Device Images
- play_arrow Managing Resources
- Multidepartment CPE Device Support
- About the Devices Page
- Perform Return Material Authorization (RMA) for a Device
- Grant Return Material Authorization (RMA) for a Device
- Manage a Single CPE Device
- Rebooting a CPE Device
- Configuring APN Settings on CPE Devices
- Identifying Connectivity Issues by Using Ping
- Identifying Connectivity Issues by Using Traceroute
- Remotely Accessing a Device CLI
- View the Current Configuration on a Device
- Generate Device RSI for Enterprise Hub and Spoke Devices
- Configuring the Firewall Device
- About the Physical Interfaces Page
- About the Logical Interfaces Page
- Adding a Logical Interface
- Editing, Deleting, and Deploying Logical Interfaces
- Enable LLDP on a CPE Interface
- Create LAG Interface
- Create a RETH Interface
- Create a Redundancy Group
- Manage Redundancy Groups
- Adding a Security Zone
- Adding a Routing Instance
- Create Management Connectivity Between a CPE and a Switch
- Discover an EX Series Switch or APs Configured Behind a CPE
- View an EX Series Switch or an AP on Mist
- View an SRX Series CPE on Juniper Mist
- About the Static Routes Page
- Adding a Static Route
- Editing, Deleting, and Deploying Static Routes
- play_arrow Managing Device Templates
- play_arrow Managing Configuration Templates
- Configuration Templates Overview
- Configuration Templates Workflow
- About the Configuration Templates Page
- Predefined Configuration Templates
- Edit, Clone, and Delete Configuration Templates
- Deploy Configuration Templates to Devices
- Undeploy a Configuration Template from a Device
- Dissociate a Configuration Template from a Device
- Preview and Render Configuration Templates
- Import Configuration Templates
- Export a Configuration Template
- Assign Configuration Templates to Device Templates
- Add Configuration Templates
- Jinja Syntax and Examples for Configuration Templates
- View the Configuration Deployed on Devices
- play_arrow Managing Licenses
- play_arrow Managing Signature Database and Certificates
- Signature Database Overview
- About the Signature Database Page
- Manually Installing Signatures
- Automating Signature Database Installation
- Managing Signature Installation Settings (Auto Installation)
- Certificates Overview
- About the Certificates Page
- Importing a Certificate
- Installing and Uninstalling Certificates
- About the VPN Authentication Page
- Modify PKI Settings for All Sites
- Modify PKI Settings for Selected Sites
- play_arrow Managing Juniper Identity Management Service
-
- play_arrow Managing Policies, Profiles, and Proxies
- play_arrow Managing Firewall Policies
- Firewall Policy Overview
- About the Firewall Policy List Page
- About the Firewall Policy Name Page
- Adding a Firewall Policy
- Editing and Deleting Firewall Policies
- Adding Firewall Policy Intents
- Editing, Cloning, and Deleting Firewall Policy Intents
- Selecting Firewall Source
- Selecting Firewall Destination
- Firewall Policy Examples
- Firewall Policy Schedules Overview
- About the Firewall Policy Schedules Page
- Creating Schedules
- Editing, Cloning, and Deleting Schedules
- Deploying Firewall Policies
- About the Default Profiles for Unified Firewall Policy Page
- Editing Default Settings for the Unified Firewall Policy
- Importing Policies Overview
- Importing Firewall Policies
- play_arrow Managing Content Security Profiles
- Content Security Overview
- Configuring Content Security Settings
- About the Content Security Profiles Page
- Creating Content Security Profiles
- Editing, Cloning, and Deleting Content Security Profiles
- About the Web Filtering Profiles Page
- Creating Web Filtering Profiles
- Editing, Cloning, and Deleting Web Filtering Profiles
- About the Antivirus Profiles Page
- Creating Antivirus Profiles
- Editing, Cloning, and Deleting Antivirus Profiles
- About the Antispam Profiles Page
- Creating Antispam Profiles
- Editing, Cloning, and Deleting Antispam Profiles
- About the Content Filtering Profiles Page
- Creating Content Filtering Profiles
- Editing, Cloning, and Deleting Content Filtering Profiles
- About the URL Patterns Page
- Creating URL Patterns
- Editing, Cloning, and Deleting URL Patterns
- About the URL Categories Page
- Creating URL Categories
- Editing, Cloning, and Deleting URL Categories
- play_arrow Managing SLA Profiles and SD-WAN Policies
- Traffic Steering Profiles and SD-WAN Policies Overview
- About the SD-WAN Policy Page
- Creating SD-WAN Policy Intents
- Editing and Deleting SD-WAN Policy Intents
- Application Quality of Experience Overview
- Configure and Monitor Application Quality of Experience
- About the SLA-Based Steering Profiles Page
- Adding SLA-Based Steering Profiles
- Editing and Deleting SLA-Based Steering Profiles
- About the Path-Based Steering Profiles Page
- Adding Path-Based Steering Profiles
- Editing and Deleting Path-Based Steering Profiles
- Breakout and Breakout Profiles Overview
- About the Breakout Profiles Page
- Adding Breakout Profiles
- Adding Cloud Breakout Settings
- Assigning Cloud Breakout Settings to Sites
- Detaching Cloud Breakout Settings from Sites
- Editing Breakout Profiles and Cloud Breakout Settings
- Deleting Breakout Profiles and Cloud Breakout Settings
- Configuring Breakout on SD-WAN Sites
- play_arrow Managing NAT Policies
- NAT Policies Overview
- About the NAT Policies Page
- Creating NAT Policies
- Editing and Deleting NAT Policies
- About the Single NAT Policy Page
- Creating NAT Policy Rules
- Editing, Cloning, and Deleting NAT Policy Rules
- Deploying NAT Policy Rules
- Selecting NAT Source
- Selecting NAT Destination
- NAT Pools Overview
- About the NAT Pools Page
- Creating NAT Pools
- Editing, Cloning, and Deleting NAT Pools
- Deploying NAT Policies
- Importing NAT Policies
- play_arrow Managing IPS Signatures and Profiles
- About the IPS Signatures Page
- Create IPS Signatures
- Create IPS Signature Static Groups
- Create IPS Signature Dynamic Groups
- Edit, Clone, and Delete IPS Signatures
- Edit, Clone, and Delete IPS Signature Static Groups
- Edit, Clone, and Delete IPS Signature Dynamic Groups
- About the IPS Profiles Page
- Create IPS Profiles
- Edit, Clone, and Delete IPS Profiles
- About the <IPS-Profile-Name> / Rules Page
- Create IPS or Exempt Rules
- Edit, Clone, and Delete IPS or Exempt Rules
- play_arrow Managing SSL Proxies
- SSL Forward Proxy Overview
- About the SSL Proxy Policy Page
- Creating SSL Proxy Policy Intents
- Editing, Cloning, and Deleting SSL Proxy Policy Intents
- Understanding How SSL Proxy Policy Intents Are Applied
- About the SSL Proxy Profiles Page
- Creating SSL Forward Proxy Profiles
- Editing, Cloning, and Deleting SSL Forward Proxy Profiles
- Configuring and Deploying an SSL Forward Proxy Policy
- play_arrow Deploying Policies
-
- play_arrow Managing Network Services and Shared Objects
- play_arrow Configuring Network Services
- play_arrow Managing Shared Objects
- Addresses and Address Groups Overview
- About the Addresses Page
- Creating Addresses or Address Groups
- Editing, Cloning, and Deleting Addresses and Address Groups
- Services and Service Groups Overview
- About the Services Page
- Creating Services and Service Groups
- Creating Protocols
- Editing and Deleting Protocols
- Editing, Cloning, and Deleting Services and Service Groups
- Application Signatures Overview
- About the Application Signatures Page
- Understanding Custom Application Signatures
- Adding Application Signatures
- Editing, Cloning, and Deleting Application Signatures
- Adding Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- About the Departments Page
- Add a Department
- Delete a Department
- About the Protocols Page
- Add a Protocol Endpoint
- Edit or Delete Protocol Endpoint
-
- play_arrow Monitoring Jobs and Audit Logs
- play_arrow Managing Jobs
- play_arrow Managing Audit Logs
-
- play_arrow Monitoring Alarms, Events, and Threats
- play_arrow Monitoring Security Alerts and Alarms
- About the Monitor Overview Page
- Alerts Overview
- About the Generated Alerts Page
- About the Alert Definitions/Notifications Page
- Managing Security Alerts Definitions
- Creating Security Alert Definitions
- Editing, Cloning, and Deleting Security Alert Definitions
- About the Alarms Page
- Enable E-mail Notifications for SD-WAN Alarms
- Rogue Device Detection
- Monitoring Support for LTE Links on Dual CPEs
- play_arrow Monitoring Security
- About the All Security Events Page
- About the Firewall Events Page
- About the Web Filtering Events Page
- About the IPsec VPNs Events Page
- About the Content Filtering Events Page
- About the Antispam Events Page
- About the Antivirus Events Page
- About the IPS Events Page
- About the Screen Events Page
- About the Traffic Logs Page
- play_arrow Monitoring SD-WAN Events
- play_arrow Monitoring Applications
- About the SLA Performance of a Single Tenant Page
- Viewing the SLA Performance of a Site
- Viewing the SLA Performance of an Application or Application Group
- Application Visibility Overview
- About the Application Visibility Page
- About the User Visibility Page
- Viewing Application or User Visibility Data for Specific Sites
- play_arrow Monitoring Threats
- Syslog Streaming
-
- play_arrow Managing Reports
- play_arrow Security Reports
- Reports Overview
- About the Security Report Definitions Page
- Scheduling, Generating, Previewing, and Sharing Security Reports
- About the Security Generated Reports Page
- Creating Log Report Definition
- Creating Bandwidth Report Definition
- Creating ANR Report Definition
- Editing, Deleting, and Cloning Log Report Definitions
- Editing, Deleting, and Cloning Bandwidth Report Definitions
- Editing, Deleting, and Cloning ANR Report Definitions
- play_arrow SD-WAN Reports
-
ON THIS PAGE
Edit Site Examples
This topic provides examples on how you can use the edit site feature to configure a site for different real-time deployment scenarios. Once you have onboarded a site, you can easily configure a site by modifying the required site parameters without disrupting traffic through the site.
We start with an SD-WAN site connected to CSO through an OAM WAN link. You require only one OAM WAN link to onboard a site using ZTP.
Figure 1 shows a simple site onboarding topology with a single WAN link (WAN0). The WAN0 link has secure OAM tunnels and iBGP peering with vRR configured on it. Stage-2 configurations can be applied to the device.
You can now edit the site properties to deploy services such as SD-WAN or NGFW on this site.
To edit the WAN properties of the site in Customer Portal:
Click Resources > Site Management.
The Site Management Page appears.
Select the site you want to edit and click the Edit icon (pencil).
The Edit Site page appears.
Note:You can edit the parameters of a site in Configuration-Failed, Provisioned, or Partially-Provisioned state.
Click Next.
The WAN tab appears displaying all the WAN links and its link parameters. For more information on each parameter, see Edit Branch and Enterprise Hub Site Parameters.
You can now follow the examples in this topic to know how you can edit the WAN properties for different deployments. An SD-WAN Customer Premise Equipment (CPE) is used as a branch router in the following examples.
Example 1: Configure a Site with a LAN segment, WAN link, and Local Breakout Enabled
Figure 2 shows a remote site with a LAN segment, and an active WAN link (WAN0) with local breakout and automatic NAT rule creation enabled. For information on adding LAN segments, see Managing LAN Segments on a Tenant Site.
Traffic passes through the WAN0 link to the internet or cloud applications.
To enable local breakout and autocreate NAT rules on the WAN0 link, on the WAN tab of the Edit Site page, in the Advanced Settings, click Enable Local Breakout and Autocreate Source NAT Rule toggle buttons. Post activation of the site, basic firewall policy is auto-deployed on the WAN0 link.
Example 2: Configure a Site with a LAN Segment, Active WAN Link, Backup WAN Link, and Local Breakout Enabled
Figure 3 shows an alternative deployment scenario to Example 1: Configure a Site with a LAN segment, WAN link, and Local Breakout Enabled by adding a backup WAN link (WAN 1).
To add the WAN1 backup link, on the WAN tab of the Edit Site page:
Enable an additional WAN link by clicking the toggle button on the right of the WAN link.
In the Advanced Settings of the newly enabled WAN link, click the Backup Link toggle button.
The site now has local breakout with automatic NAT rule creation enabled on both the WAN links (WAN0 and WAN1). By default, the traffic goes through the WAN0 link. If there is a failure on WAN0 link, the traffic is directed to the WAN1 link.
Example 3: Configure a Site with a LAN Segment and Two Active WAN Links
Figure 4 shows an alternative deployment scenario to Example 2: Configure a Site with a LAN Segment, Active WAN Link, Backup WAN Link, and Local Breakout Enabled. You can configure the SDWAN policy such that some applications use MPLS link and others use Internet links. In this example, the site is configured with two active WAN links: WAN0 as an MPLS link and WAN1 as an Internet link.
To edit the link type of a WAN link, on the WAN tab of the Edit Site page, select MPLS or Internet from the Link Type list.
You can add two active WAN links or change the backup link to an active link.
To change the backup link to an active link, in the Advanced Settings of the selected WAN link, disable the Backup Link toggle button.
The application traffic passes through both the active links based on the type of traffic from different applications. In this example, for traffic from non-critical applications like YouTube, an Internet link is used.
Example 4: Configure a Site integrated with Zscaler
Figure 5 shows Zscaler, a cloud-based security platform, integrated to the active WAN1 link. If you select the cloud breakout option, GRE or IPsec tunnels are formed between the CPE device to the Zscaler device and all internet traffic breaks through this tunnel. For more information, see Adding Cloud Breakout Settings.
Example 5: Configure Site-to-Site Traffic Through DVPN Tunnels
Figure 6 shows a deployment scenario with two SD-WAN CPEs connected through Dynamic VPN (DVPN) tunnels, without connecting to any hubs.
To enable the DVPN tunnels between the two CPEs:
Enable full mesh on the WAN links
Add matching mesh tags on the WAN links
To enable full mesh a WAN link and select the required mesh tag, on the WAN tab of the Edit Site page, in the Advanced Settings:
Click Use For Fullmesh toggle button
Select the required Mesh tag from the list.
Example 6: Configure a Fully Functional Site with Enterprise and Provider Hubs
Figure 7 shows how SD-WAN CPE1 and SD-WAN CPE2 are connected to a provider hub and an enterprise hub in all network topologies: hub-and-spoke, partial mesh using DVPN, and full mesh. You can enable AppQoE, central breakout, and other functions on the WAN links to create a fully functional SD-WAN CPE.
To connect CPEs to hubs, on WAN tab on the Edit Site page, in the Advanced Settings, click Connects to Hubs and select the Overlay Peer Interface and Overlay Tunnel Type.
