Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Edit Branch and Enterprise Hub Site Parameters

Tenant administrator users can modify the parameters configured for a branch site or an enterprise hub site from the Site Management page (Resources > Site Management).

Note:

You cannot edit cloud branch sites.

To edit the parameters configured for a branch site or an enterprise hub site:

  1. Select Resources > Site Management.

    The Site Management page appears.

  2. Select the site whose parameters you want to modify and click the Edit icon (pencil).

    The Edit Site page appears, displaying the same fields that are presented when you add a site.

    Note:

    You can edit the parameters of a site in any one of the following states:

    • Configuration-Failed

    • Partially-Provisioned

    • Provisioned

    • Provision-failed

    • Managed

  3. Modify the site parameters as described in:

    • Table 1 for branch and enterprise hub sites.

    • Table 2 for branch sites with Security Services (also referred to as next-generation firewall or NGFW) capability.

    Note:

    You can upgrade a Secure SD-WAN Essentials site to a Secure SD-WAN Advanced site (allowed if the SD-WAN service level of the tenant is upgraded to Advanced) by selecting the Secure SD-WAN Advanced option from the site capability. You can also add secondary hubs to the upgraded sites, if required.

    For more information on each parameter, see Add a Branch Site with SD-WAN Capability and Add Enterprise Hubs with SD-WAN Capability .

  4. (Optional) Review the configuration in the Summary tab and modify the parameters, if required.
  5. Do one of the following:

    • Click Finish to save the changes that you made to the provider hub site.

    • Click Previous to make changes in the previous page.

    • Click Cancel to discard the changes. A dialog box appears asking for your confirmation. Click Yes. The changes you made are lost and you are returned to the Site Management page.

    If you click Finish, an Edit Site job is triggered and a job link appears on the Site Management page.

    You can click the job link to view details of the job (including job status, start date and time, and end date and time). Alternatively, you can view the status of the job on the Jobs (Monitor > Jobs) page.

    After the Edit Site job is completes successfully, a confirmation message indicating that the site is updated, appears on top of the Site Management page.

Note:

The following operations take several minutes (greater than 15 minutes) based on the number of sites connected in the network:

  • Deleting a WAN link

  • Editing the following parameters of a WAN link:

    • Link Type

    • PPPoE

    • Address Assignment Method

    • Use for OAM Traffic

    • Backup Link

    • VLAN ID

  • Redeploying a partially deployed WAN link

Table 1: Editable fields for a branch site and enterprise hub site

Editable Parameters

Site Type

Description

General

Note:

  • To edit the WAN parameters of an on-premise spoke (branch) site or an enterprise hub site, ensure that the site version is 5.3.0 or higher. If the site version is of an earlier release, you must upgrade the site. For more information, see Upgrading Sites.

  • For on-premise spoke (branch) site or an enterprise hub site with 5.2.0 or earlier site versions, only advanced configuration fields are editable. You can find the version of a site in the Version column on the Site Management page.

Site Name

Enterprise hub site

SD-WAN branch site

Edit the name of the site.

You can only use alphanumeric numbers and hyphen. The site name must be unique and the name length must not exceed 32 characters.

Device Host Name

Enterprise hub site

SD-WAN branch site

Edit the device host name for the site.

You can only use alphanumeric numbers and hyphen (-). The device host name must be unique and name length must not exceed 32 characters.

Format: <tenant_name>.<site_name>.

For example, TenantA.Orange.

Note:

The tenant name is always added as a prefix for the device host name. The tenant name part in the device host name cannot be edited.

Address and Contact Information

Enterprise hub site

SD-WAN branch site

Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number.

Advanced Configuration

Enterprise hub site

SD-WAN branch site

Edit the Domain Name Server (DNS) IP address (IPv4 or IPv6, or both), Network Address Translation (NTP) Server IP address, or the selected Timezone.

Device

You can do one of the following:

  • Edit enterprise hub and provider hub configuration.

  • Edit the WAN parameters (specified below) of an existing WAN link.

  • Add a new WAN link by clicking the toggle button next to the WAN link name and specifying the WAN parameters.

  • Delete an existing WAN link by clicking the enabled toggle button next to the WAN link name.

Note:

You cannot edit the device series (for example, NFX Series to SRX Series Firewalls) as this change requires the site to be deleted and added again.

Hub Configuration

Note:

  • You can edit the primary or secondary provider hub only if it is DATA_ONLY provider hub.

  • You can also select None from the following hub configuration settings to run the SD-WAN site in a hub-less mode.

Primary Provider Hub

Enterprise hub site

SD-WAN branch site

Edit the primary provider hub device configured for the site.

Secondary Provider Hub

Enterprise hub site

SD-WAN branch site

Edit the secondary provider hub device configured for the site.

Note:

Not applicable to sites with SD-WAN Essentials service.

Primary Enterprise Hub

SD-WAN branch site

Edit the primary enterprise hub device configured for the site.

Secondary Enterprise Hub

SD-WAN branch site

Edit the secondary enterprise hub device configured for the site.

Note:

Not applicable to sites with SD-WAN Essentials service.

Use Mesh Tags to connect EHub

SD-WAN branch site

This toggle button is enabled by default. If this button is enabled, CSO uses mesh tags to automatically form the overlay tunnel between the site and the enterprise hubs.

Disable this toggle button if you want to manually create static tunnel (per WAN link) between the branch site and the enterprise hubs. If you disable this option, you must manually enable at least one WAN link to connect to the enterprise hub by using the Connects to Enterprise Hubs toggle button in the Advanced Settings of the WAN link.

WAN Links

For each WAN link, you can edit the following properties:

Re-Deploy WAN Link

Enterprise hub site

SD-WAN branch site

Click the toggle button to enable editing the WAN parameters of the partially deployed WAN link.

Link Type

Enterprise hub site

SD-WAN branch site

Select MPLS or an Internet link.

Access Type

SD-WAN branch site

You cannot edit the Access Type field because you cannot add the same WAN link with different access types as it depends on the slots configured on the device. If needed, you can delete the WAN link and add a new WAN link.
Link Redundancy

SD-WAN branch site

You cannot edit the Link Redundancy field for an existing WAN link. If needed, you can delete the WAN link and add it as a new WAN link with the new link redundancy settings.

PPPoE/PPP

SD-WAN branch site

Click the toggle button to enable or disable authenticated address assignment for the WAN link by using PPPoE (Point-to-Point Protocol over Ethernet) or PPP (Point-to-Point Protocol). You can enable PPPoE or PPP per WAN link. If you’ve enabled this toggle button for a WAN link, in the PPPoE/PPP Settings section, you can modify the username, password, and the authentication protocol. You can enable PPPoE or PPP on MPLS-based or internet-based WAN links.

PPPoE works with Ethernet, ADSL, and VDSL access types while PPP works with the LTE access type.

Note:

The PPPoE/PPP toggle button is not supported for Internet links with LTE access type.

Access Point Name (APN)

SD-WAN branch site

Edit the access point name (APN), for the CPE device, which is specified by the service provider.

This field is displayed only if you’ve enabled the PPPoE/PPP toggle button for MPLS links with LTE as the access type. If you’ve disabled the PPPoE/PPP toggle button for these links, CSO uses the default APN settings.
MTU

Enterprise hub site

SD-WAN branch site

Edit the maximum transmission unit (MTU) size for the media or protocol. The supported MTU range can vary depending on the device, interface type, network topology, and other individual requirements.
Note:

Editing the MTU value of a WAN link can affect the traffic flow on that link.

Editing the MTU values of all the OAM-enabled WAN links of a site at the same time might result in tunnel flapping. You must ensure that at least one OAM-enabled WAN link always remains undisrupted for a site. For example, if you have a site with four WAN links (including two links that support OAM traffic), you can edit the MTU values of all the WAN links except one OAM-enabled link at the same time. After the edit is complete and the changes are saved, you can edit the site again and update the remaining WAN link.

Egress Bandwidth

Enterprise hub site

SD-WAN branch site

Edit the maximum bandwidth (in Mbps) allowed for the WAN link.

Underlay Address Families

Enterprise hub site

SD-WAN branch site

  • For enterprise hub sites—You can modify the Static IP Prefix and Gateway IP address of the device.

  • For SD-WAN branch sites—Click either IPv4 or IPv6, or both IPv4 and IPv6 toggle buttons to enable either IPv4 or IPv6, or both IPv4 and IPv6 address assignment respectively, for the WAN link.

    If you enable IPv4 address assignment, you can modify the address assignment method to choose either STATIC or DHCP (Dynamic Host Configuration Protocol). If you enable IPv6 address assignment, you can choose STATIC, DHCP (router advertisement only), or SLAAC (Stateless Address Auto Configuration).

    If you select STATIC as the address assignment method, you can also modify the Static IP Prefix and Gateway IP address of the device.

    Note:

    For SD-WAN branch sites using Internet or MPLS links with LTE access type, you can select only the DHCP method for address assignment.

Public IP Address (Only for enterprise hub sites)

Enterprise hub site

Edit the public IPv4 address configured for the WAN link.

Advanced Settings

Address Family (Tunnel Creation)

Enterprise hub site

SD-WAN branch site

  • For enterprise hub sites—You can select only IPv4 as the underlay address family that is used to establish the overlay tunnel because enterprise hubs support only IPv4 address assignment.

  • For SD-WAN branch sites—Select the underlay address family (IPv4 or IPv6) that is used to establish the overlay tunnel.

    The options on the list are populated based on the address family that you’ve configured for the underlay (either IPv4 or IPv6, or both).

Provider

Enterprise hub site

SD-WAN branch site

Edit the Internet Service Provider (ISP) name.

Cost/Month

Enterprise hub site

SD-WAN branch site

Edit the cost of using the WAN link per month (range is 1 through 10000). You can select the currency of the cost from the adjacent list.

Enable Local Breakout

Enterprise hub site

SD-WAN branch site

Click the toggle button to enable or disable the local breakout on the site.

If you enabled local breakout, you can:

  • Edit the Breakout Options to use the WAN link for both breakout and WAN traffic (default) or only for breakout traffic.

  • Click the Autocreate Source NAT Rule toggle button to enable or disable the automatic creation of source Network address translation (NAT) rules. If enabled, from the Translation list, you can edit the type of NAT to be used for the traffic (interface or pool). For pool-based NAT, you can edit one or more IP Addresses.

    Note:

    Sites with Secure SD-WAN Essentials service support interface-based source NAT rules only. Sites with Secure SD-WAN Advanced service support both Interface-based or Pool-based source NAT rules.

  • Click the BGP Underlay Options toggle button to enable or disable the BGP underlay routing. If enabled, you can edit Secondary Neighbor IP address, eBGP Peer-AS-Number, Local AS Number, Authentication for BGP route (none or MD5), whether you want to Advertise Public LAN Prefixes.

    Note:

    Not applicable to sites with SD-WAN Essentials service.

MAP-E

SD-WAN branch site

Click the toggle button to enable or disable the Mapping of Address and Port with Encapsulation (MAP-E) functionality on the WAN link.

Note:

  • MAP-E is compliant only with the Japan Network Enabler (JPNE) standards.

  • CSO supports MAP-E only on NFX150 devices with IPV6 address assignment and local breakout enabled for the WAN link.

Use For Fullmesh

Enterprise hub site

SD-WAN branch site

Click the toggle button to specify whether the WAN link can be a part of a full mesh topology. If enabled, you can edit:

  • Mesh overlay link type: If the link type is MPLS, select GRE-IPSEC or GRE as the mesh overlay link. If the link type is Internet, the value for mesh overlay link type is GRE_IPSEC.

    Note:

    If you’ve enabled IPv6 address assignment for the WAN links, you can select only GRE-IPSEC as the type of mesh overlay link.

  • Mesh tags: Select the associated mesh tags for on-demand tunnel creation.

    Note:

    For branch sites, you can select only one mesh tag for each WAN link. For enterprise hubs, you can select one or more mesh tags for each WAN link.

Use for OAM Traffic

Enterprise hub site

SD-WAN branch site

Click the toggle button to enable or disable sending the OAM traffic over the WAN link.

Connects to Enterprise Hubs

This field is not displayed if you have enabled the Use Mesh Tags to Connect EHub field in the Hub Configuration section.

Enable this toggle button if you want to manually connect the site to an enterprise hub, without using mesh tags.

Primary EHub Tunnel Type

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Select the tunnel type to be used for the connection between the branch site and the primary enterprise hub.

Primary EHub Peer Device

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Displays the name of the primary enterprise hub you have selected.

Primary Ehub Peer Interface

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Select the primary enterprise hub WAN link that needs to be part of the tunnel. You can select multiple WAN links.

Secondary EHub Tunnel Type

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Select the tunnel type to be used for the connection between the branch site and the secondary enterprise hub.

Secondary EHub Peer Device

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Displays the name of the secondary enterprise hub you have selected.

Secondary Ehub Peer Interface

This field is displayed only if you have enabled the Connects to Enterprise Hubs field.

Select the secondary enterprise hub WAN link that needs to be part of the tunnel. You can select multiple WAN links.

Connects to Hubs

Enterprise hub site

SD-WAN branch site

Note:

The Connects to Hubs field is available only if you have selected a provider hub.

Click the toggle button to specify whether or not the WAN link of the site connects to a hub. If enabled, you can edit:

  • Overlay Tunnel Type: If the link type is MPLS, select GRE-IPSEC or GRE as the overlay tunnel type. If the link type is Internet, the value for tunnel overlay link type is GRE_IPSEC.

  • Overlay Peer Interface: Modify the interface name of the hub device to which the WAN link of the site is connected.

Backup Link

Enterprise hub site

SD-WAN branch site

Click the toggle button to enable or disable the backup link through which traffic can be routed when the primary link is unavailable.

Default Link

Enterprise hub site

SD-WAN branch site

Click the toggle button to enable or disable the default link though which traffic can be routed when matching SD-WAN policy intents are unavailable.

Data VLAN ID

Enterprise hub site

SD-WAN branch site

Edit the VLAN ID.

Range: 0 through 4049 (4050 to 4094 is reserved by CSO).

Advanced Configurations

Note:

Sites with SD-WAN Essentials service do not support creation or deletion of dynamic mesh tunnels based on a user-defined threshold for the number of sessions closed between two branch sites. However, an OpCo administrator or a tenant administrator can create a static tunnel between a source site and destination site by using the CSO GUI in Customer Portal.

Traffic Volume Metrics

Enterprise hub site

SD-WAN branch site

Choose a method to compute the SD-WAN traffic volume on the WAN links of the site. CSO uses this data to provide a graphical representation of the WAN traffic volume on the Site Details page.

  • Session-Based—Computes and reports the session-based traffic volume on the site's WAN links, at the closure of each session. This is the default method.
  • Time-Based—Computes and reports the traffic volume at periodic intervals during a session.

DVPN Threshold for Tunnel Creation

Enterprise hub site

SD-WAN branch site

Edit the number of sessions specified for the Threshold for Tunnel Creation.

DVPN Threshold for Tunnel Deletion

Enterprise hub site

SD-WAN branch site

Edit the number of sessions specified for the Threshold for Tunnel Deletion.
Table 2: Editable fields for branch sites with NGFW capability

General

Address and Contact Information

Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number.

Advanced Configuration

Edit the Domain Name Server (DNS) IP address, Network Address Translation (NTP) Server IP address, or the selected Timezone.

Device Information

Secure Log Source Interface

Edit the port configured as the management interface to connect to a management device. You can configure any of the ge-0/0/x ports (x ranging from 0 to 14) as in-band management interfaces.

Related Documentation