- play_arrow Introduction
- play_arrow Customer Portal Overview
- About the Customer Portal User Guide
- Customer Portal Overview
- Accessing Customer Portal
- Personalize the Customer Portal
- Switching the Tenant Scope
- Setting Up Your Network with Customer Portal
- About the Customer Portal Dashboard
- Changing the Customer Portal Password
- Resetting the Password
- Changing the Password on First Login
- Set a New Password After Your Existing Password Expires
- Configuring Two-Factor Authentication
- Extending the User Login Session
- Resend Activation Link in Customer Portal
- View and Edit Tenant Settings
- play_arrow Users and Roles
- Role-Based Access Control Overview
- About the Users Page in Customer Portal
- Adding Tenant and OpCo Tenant Users
- Editing and Deleting Tenant and OpCo Tenant Users
- Resetting the Password for Tenant Users
- Roles Overview
- About the Tenant Roles Page
- Adding User-Defined Roles for Tenant Users
- Editing, Cloning, and Deleting User-Defined Roles for Tenant Users
- Access Privileges for Role Scopes (Tenant and Operating Company)
- play_arrow SD-WAN and NGFW Deployments
-
- play_arrow Managing Devices and Resources
- play_arrow Managing Authentication
- play_arrow Managing Devices
- Device Redundancy Support Overview
- Activate a Device
- Activating Dual CPE Devices (Device Redundancy)
- Viewing the History of Tenant Device Activation Logs
- Zero Touch Provisioning Overview
- Workflow for Onboarding a Device Using ZTP
- Configure an SRX Series CPE to Discover an EX Series Switch or AP Connected to the CPE
- play_arrow Managing Device Images
- play_arrow Managing Resources
- Multidepartment CPE Device Support
- About the Devices Page
- Perform Return Material Authorization (RMA) for a Device
- Grant Return Material Authorization (RMA) for a Device
- Manage a Single CPE Device
- Rebooting a CPE Device
- Configuring APN Settings on CPE Devices
- Identifying Connectivity Issues by Using Ping
- Identifying Connectivity Issues by Using Traceroute
- Remotely Accessing a Device CLI
- View the Current Configuration on a Device
- Generate Device RSI for Enterprise Hub and Spoke Devices
- Configuring the Firewall Device
- About the Physical Interfaces Page
- About the Logical Interfaces Page
- Adding a Logical Interface
- Editing, Deleting, and Deploying Logical Interfaces
- Enable LLDP on a CPE Interface
- Create LAG Interface
- Create a RETH Interface
- Create a Redundancy Group
- Manage Redundancy Groups
- Adding a Security Zone
- Adding a Routing Instance
- Create Management Connectivity Between a CPE and a Switch
- Discover an EX Series Switch or APs Configured Behind a CPE
- View an EX Series Switch or an AP on Mist
- View an SRX Series CPE on Juniper Mist
- About the Static Routes Page
- Adding a Static Route
- Editing, Deleting, and Deploying Static Routes
- play_arrow Managing Device Templates
- play_arrow Managing Configuration Templates
- Configuration Templates Overview
- Configuration Templates Workflow
- About the Configuration Templates Page
- Predefined Configuration Templates
- Edit, Clone, and Delete Configuration Templates
- Deploy Configuration Templates to Devices
- Undeploy a Configuration Template from a Device
- Dissociate a Configuration Template from a Device
- Preview and Render Configuration Templates
- Import Configuration Templates
- Export a Configuration Template
- Assign Configuration Templates to Device Templates
- Add Configuration Templates
- Jinja Syntax and Examples for Configuration Templates
- View the Configuration Deployed on Devices
- play_arrow Managing Licenses
- play_arrow Managing Signature Database and Certificates
- Signature Database Overview
- About the Signature Database Page
- Manually Installing Signatures
- Automating Signature Database Installation
- Managing Signature Installation Settings (Auto Installation)
- Certificates Overview
- About the Certificates Page
- Importing a Certificate
- Installing and Uninstalling Certificates
- About the VPN Authentication Page
- Modify PKI Settings for All Sites
- Modify PKI Settings for Selected Sites
- play_arrow Managing Juniper Identity Management Service
-
- play_arrow Managing Policies, Profiles, and Proxies
- play_arrow Managing Firewall Policies
- Firewall Policy Overview
- About the Firewall Policy List Page
- About the Firewall Policy Name Page
- Adding a Firewall Policy
- Editing and Deleting Firewall Policies
- Adding Firewall Policy Intents
- Editing, Cloning, and Deleting Firewall Policy Intents
- Selecting Firewall Source
- Selecting Firewall Destination
- Firewall Policy Examples
- Firewall Policy Schedules Overview
- About the Firewall Policy Schedules Page
- Creating Schedules
- Editing, Cloning, and Deleting Schedules
- Deploying Firewall Policies
- About the Default Profiles for Unified Firewall Policy Page
- Editing Default Settings for the Unified Firewall Policy
- Importing Policies Overview
- Importing Firewall Policies
- play_arrow Managing Content Security Profiles
- Content Security Overview
- Configuring Content Security Settings
- About the Content Security Profiles Page
- Creating Content Security Profiles
- Editing, Cloning, and Deleting Content Security Profiles
- About the Web Filtering Profiles Page
- Creating Web Filtering Profiles
- Editing, Cloning, and Deleting Web Filtering Profiles
- About the Antivirus Profiles Page
- Creating Antivirus Profiles
- Editing, Cloning, and Deleting Antivirus Profiles
- About the Antispam Profiles Page
- Creating Antispam Profiles
- Editing, Cloning, and Deleting Antispam Profiles
- About the Content Filtering Profiles Page
- Creating Content Filtering Profiles
- Editing, Cloning, and Deleting Content Filtering Profiles
- About the URL Patterns Page
- Creating URL Patterns
- Editing, Cloning, and Deleting URL Patterns
- About the URL Categories Page
- Creating URL Categories
- Editing, Cloning, and Deleting URL Categories
- play_arrow Managing SLA Profiles and SD-WAN Policies
- Traffic Steering Profiles and SD-WAN Policies Overview
- About the SD-WAN Policy Page
- Creating SD-WAN Policy Intents
- Editing and Deleting SD-WAN Policy Intents
- Application Quality of Experience Overview
- Configure and Monitor Application Quality of Experience
- About the SLA-Based Steering Profiles Page
- Adding SLA-Based Steering Profiles
- Editing and Deleting SLA-Based Steering Profiles
- About the Path-Based Steering Profiles Page
- Adding Path-Based Steering Profiles
- Editing and Deleting Path-Based Steering Profiles
- Breakout and Breakout Profiles Overview
- About the Breakout Profiles Page
- Adding Breakout Profiles
- Adding Cloud Breakout Settings
- Assigning Cloud Breakout Settings to Sites
- Detaching Cloud Breakout Settings from Sites
- Editing Breakout Profiles and Cloud Breakout Settings
- Deleting Breakout Profiles and Cloud Breakout Settings
- Configuring Breakout on SD-WAN Sites
- play_arrow Managing NAT Policies
- NAT Policies Overview
- About the NAT Policies Page
- Creating NAT Policies
- Editing and Deleting NAT Policies
- About the Single NAT Policy Page
- Creating NAT Policy Rules
- Editing, Cloning, and Deleting NAT Policy Rules
- Deploying NAT Policy Rules
- Selecting NAT Source
- Selecting NAT Destination
- NAT Pools Overview
- About the NAT Pools Page
- Creating NAT Pools
- Editing, Cloning, and Deleting NAT Pools
- Deploying NAT Policies
- Importing NAT Policies
- play_arrow Managing IPS Signatures and Profiles
- About the IPS Signatures Page
- Create IPS Signatures
- Create IPS Signature Static Groups
- Create IPS Signature Dynamic Groups
- Edit, Clone, and Delete IPS Signatures
- Edit, Clone, and Delete IPS Signature Static Groups
- Edit, Clone, and Delete IPS Signature Dynamic Groups
- About the IPS Profiles Page
- Create IPS Profiles
- Edit, Clone, and Delete IPS Profiles
- About the <IPS-Profile-Name> / Rules Page
- Create IPS or Exempt Rules
- Edit, Clone, and Delete IPS or Exempt Rules
- play_arrow Managing SSL Proxies
- SSL Forward Proxy Overview
- About the SSL Proxy Policy Page
- Creating SSL Proxy Policy Intents
- Editing, Cloning, and Deleting SSL Proxy Policy Intents
- Understanding How SSL Proxy Policy Intents Are Applied
- About the SSL Proxy Profiles Page
- Creating SSL Forward Proxy Profiles
- Editing, Cloning, and Deleting SSL Forward Proxy Profiles
- Configuring and Deploying an SSL Forward Proxy Policy
- play_arrow Deploying Policies
-
- play_arrow Managing Network Services and Shared Objects
- play_arrow Configuring Network Services
- play_arrow Managing Shared Objects
- Addresses and Address Groups Overview
- About the Addresses Page
- Creating Addresses or Address Groups
- Editing, Cloning, and Deleting Addresses and Address Groups
- Services and Service Groups Overview
- About the Services Page
- Creating Services and Service Groups
- Creating Protocols
- Editing and Deleting Protocols
- Editing, Cloning, and Deleting Services and Service Groups
- Application Signatures Overview
- About the Application Signatures Page
- Understanding Custom Application Signatures
- Adding Application Signatures
- Editing, Cloning, and Deleting Application Signatures
- Adding Application Signature Groups
- Editing, Cloning, and Deleting Application Signature Groups
- About the Departments Page
- Add a Department
- Delete a Department
- About the Protocols Page
- Add a Protocol Endpoint
- Edit or Delete Protocol Endpoint
-
- play_arrow Monitoring Jobs and Audit Logs
- play_arrow Managing Jobs
- play_arrow Managing Audit Logs
-
- play_arrow Monitoring Alarms, Events, and Threats
- play_arrow Monitoring Security Alerts and Alarms
- About the Monitor Overview Page
- Alerts Overview
- About the Generated Alerts Page
- About the Alert Definitions/Notifications Page
- Managing Security Alerts Definitions
- Creating Security Alert Definitions
- Editing, Cloning, and Deleting Security Alert Definitions
- About the Alarms Page
- Enable E-mail Notifications for SD-WAN Alarms
- Rogue Device Detection
- Monitoring Support for LTE Links on Dual CPEs
- play_arrow Monitoring Security
- About the All Security Events Page
- About the Firewall Events Page
- About the Web Filtering Events Page
- About the IPsec VPNs Events Page
- About the Content Filtering Events Page
- About the Antispam Events Page
- About the Antivirus Events Page
- About the IPS Events Page
- About the Screen Events Page
- About the Traffic Logs Page
- play_arrow Monitoring SD-WAN Events
- play_arrow Monitoring Applications
- About the SLA Performance of a Single Tenant Page
- Viewing the SLA Performance of a Site
- Viewing the SLA Performance of an Application or Application Group
- Application Visibility Overview
- About the Application Visibility Page
- About the User Visibility Page
- Viewing Application or User Visibility Data for Specific Sites
- play_arrow Monitoring Threats
- Syslog Streaming
-
- play_arrow Managing Reports
- play_arrow Security Reports
- Reports Overview
- About the Security Report Definitions Page
- Scheduling, Generating, Previewing, and Sharing Security Reports
- About the Security Generated Reports Page
- Creating Log Report Definition
- Creating Bandwidth Report Definition
- Creating ANR Report Definition
- Editing, Deleting, and Cloning Log Report Definitions
- Editing, Deleting, and Cloning Bandwidth Report Definitions
- Editing, Deleting, and Cloning ANR Report Definitions
- play_arrow SD-WAN Reports
-
Edit Branch and Enterprise Hub Site Parameters
Tenant administrator users can modify the parameters configured for a branch site or an enterprise hub site from the Site Management page (Resources > Site Management).
You cannot edit cloud branch sites.
To edit the parameters configured for a branch site or an enterprise hub site:
The following operations take several minutes (greater than 15 minutes) based on the number of sites connected in the network:
Deleting a WAN link
Editing the following parameters of a WAN link:
Link Type
PPPoE
Address Assignment Method
Use for OAM Traffic
Backup Link
VLAN ID
Redeploying a partially deployed WAN link
Editable Parameters | Site Type | Description |
|---|---|---|
General Note:
| ||
Site Name | Enterprise hub site SD-WAN branch site | Edit the name of the site. You can only use alphanumeric numbers and hyphen. The site name must be unique and the name length must not exceed 32 characters. |
Device Host Name | Enterprise hub site SD-WAN branch site | Edit the device host name for the site. You can only use alphanumeric numbers and hyphen (-). The device host name must be unique and name length must not exceed 32 characters. Format: <tenant_name>.<site_name>. For example, TenantA.Orange. Note: The tenant name is always added as a prefix for the device host name. The tenant name part in the device host name cannot be edited. |
Address and Contact Information | Enterprise hub site SD-WAN branch site | Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number. |
Advanced Configuration | Enterprise hub site SD-WAN branch site | Edit the Domain Name Server (DNS) IP address (IPv4 or IPv6, or both), Network Address Translation (NTP) Server IP address, or the selected Timezone. |
Device You can do one of the following:
Note: You cannot edit the device series (for example, NFX Series to SRX Series Firewalls) as this change requires the site to be deleted and added again. | ||
Hub Configuration Note:
| ||
Primary Provider Hub | Enterprise hub site SD-WAN branch site | Edit the primary provider hub device configured for the site. |
Secondary Provider Hub | Enterprise hub site SD-WAN branch site | Edit the secondary provider hub device configured for the site. Note: Not applicable to sites with SD-WAN Essentials service. |
Primary Enterprise Hub | SD-WAN branch site | Edit the primary enterprise hub device configured for the site. |
Secondary Enterprise Hub | SD-WAN branch site | Edit the secondary enterprise hub device configured for the site. Note: Not applicable to sites with SD-WAN Essentials service. |
Use Mesh Tags to connect EHub | SD-WAN branch site | This toggle button is enabled by default. If this button is enabled, CSO uses mesh tags to automatically form the overlay tunnel between the site and the enterprise hubs. Disable this toggle button if you want to manually create static tunnel (per WAN link) between the branch site and the enterprise hubs. If you disable this option, you must manually enable at least one WAN link to connect to the enterprise hub by using the Connects to Enterprise Hubs toggle button in the Advanced Settings of the WAN link. |
WAN Links For each WAN link, you can edit the following properties: | ||
Re-Deploy WAN Link | Enterprise hub site SD-WAN branch site | Click the toggle button to enable editing the WAN parameters of the partially deployed WAN link. |
Link Type | Enterprise hub site SD-WAN branch site | Select MPLS or an Internet link. |
Access Type | SD-WAN branch site | You cannot edit the Access Type field because you cannot add the same WAN link with different access types as it depends on the slots configured on the device. If needed, you can delete the WAN link and add a new WAN link. |
| Link Redundancy | SD-WAN branch site | You cannot edit the Link Redundancy field for an existing WAN link. If needed, you can delete the WAN link and add it as a new WAN link with the new link redundancy settings. |
PPPoE/PPP | SD-WAN branch site | Click the toggle button to enable or disable authenticated address assignment for the WAN link by using PPPoE (Point-to-Point Protocol over Ethernet) or PPP (Point-to-Point Protocol). You can enable PPPoE or PPP per WAN link. If you’ve enabled this toggle button for a WAN link, in the PPPoE/PPP Settings section, you can modify the username, password, and the authentication protocol. You can enable PPPoE or PPP on MPLS-based or internet-based WAN links. PPPoE works with Ethernet, ADSL, and VDSL access types while PPP works with the LTE access type. Note: The PPPoE/PPP toggle button is not supported for Internet links with LTE access type. |
Access Point Name (APN) | SD-WAN branch site | Edit the access point name (APN), for the CPE device, which is specified by the service provider. This field is displayed only if you’ve enabled the PPPoE/PPP toggle button for MPLS links with LTE as the access type. If you’ve disabled the PPPoE/PPP toggle button for these links, CSO uses the default APN settings. |
| MTU | Enterprise hub site SD-WAN branch site | Edit the maximum transmission unit (MTU)
size for the media or protocol. The supported MTU range can vary
depending on the device, interface type, network topology, and other
individual requirements. Note: Editing the MTU value of a WAN link can affect the traffic flow on that link. Editing the MTU values of all the OAM-enabled WAN links of a site at the same time might result in tunnel flapping. You must ensure that at least one OAM-enabled WAN link always remains undisrupted for a site. For example, if you have a site with four WAN links (including two links that support OAM traffic), you can edit the MTU values of all the WAN links except one OAM-enabled link at the same time. After the edit is complete and the changes are saved, you can edit the site again and update the remaining WAN link. |
Egress Bandwidth | Enterprise hub site SD-WAN branch site | Edit the maximum bandwidth (in Mbps) allowed for the WAN link. |
Underlay Address Families | Enterprise hub site SD-WAN branch site |
|
Public IP Address (Only for enterprise hub sites) | Enterprise hub site | Edit the public IPv4 address configured for the WAN link. |
Advanced Settings | ||
Address Family (Tunnel Creation) | Enterprise hub site SD-WAN branch site |
|
Provider | Enterprise hub site SD-WAN branch site | Edit the Internet Service Provider (ISP) name. |
Cost/Month | Enterprise hub site SD-WAN branch site | Edit the cost of using the WAN link per month (range is 1 through 10000). You can select the currency of the cost from the adjacent list. |
Enable Local Breakout | Enterprise hub site SD-WAN branch site | Click the toggle button to enable or disable the local breakout on the site. If you enabled local breakout, you can:
|
MAP-E | SD-WAN branch site | Click the toggle button to enable or disable the Mapping of Address and Port with Encapsulation (MAP-E) functionality on the WAN link. Note:
|
Use For Fullmesh | Enterprise hub site SD-WAN branch site | Click the toggle button to specify whether the WAN link can be a part of a full mesh topology. If enabled, you can edit:
|
Use for OAM Traffic | Enterprise hub site SD-WAN branch site | Click the toggle button to enable or disable sending the OAM traffic over the WAN link. |
Connects to Enterprise Hubs | This field is not displayed if you have enabled the Use Mesh Tags to Connect EHub field in the Hub Configuration section. Enable this toggle button if you want to manually connect the site to an enterprise hub, without using mesh tags. | |
Primary EHub Tunnel Type | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Select the tunnel type to be used for the connection between the branch site and the primary enterprise hub. | |
Primary EHub Peer Device | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Displays the name of the primary enterprise hub you have selected. | |
Primary Ehub Peer Interface | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Select the primary enterprise hub WAN link that needs to be part of the tunnel. You can select multiple WAN links. | |
Secondary EHub Tunnel Type | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Select the tunnel type to be used for the connection between the branch site and the secondary enterprise hub. | |
Secondary EHub Peer Device | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Displays the name of the secondary enterprise hub you have selected. | |
Secondary Ehub Peer Interface | This field is displayed only if you have enabled the Connects to Enterprise Hubs field. Select the secondary enterprise hub WAN link that needs to be part of the tunnel. You can select multiple WAN links. | |
Connects to Hubs | Enterprise hub site SD-WAN branch site | Note: The Connects to Hubs field is available only if you have selected a provider hub. Click the toggle button to specify whether or not the WAN link of the site connects to a hub. If enabled, you can edit:
|
Backup Link | Enterprise hub site SD-WAN branch site | Click the toggle button to enable or disable the backup link through which traffic can be routed when the primary link is unavailable. |
Default Link | Enterprise hub site SD-WAN branch site | Click the toggle button to enable or disable the default link though which traffic can be routed when matching SD-WAN policy intents are unavailable. |
Data VLAN ID | Enterprise hub site SD-WAN branch site | Edit the VLAN ID. Range: 0 through 4049 (4050 to 4094 is reserved by CSO). |
Advanced Configurations Note: Sites with SD-WAN Essentials service do not support creation or deletion of dynamic mesh tunnels based on a user-defined threshold for the number of sessions closed between two branch sites. However, an OpCo administrator or a tenant administrator can create a static tunnel between a source site and destination site by using the CSO GUI in Customer Portal. | ||
Traffic Volume Metrics | Enterprise hub site SD-WAN branch site | Choose a method to compute the SD-WAN traffic volume on the WAN links of the site. CSO uses this data to provide a graphical representation of the WAN traffic volume on the Site Details page.
|
DVPN Threshold for Tunnel Creation | Enterprise hub site SD-WAN branch site | Edit the number of sessions specified for the Threshold for Tunnel Creation. |
DVPN Threshold for Tunnel Deletion | Enterprise hub site SD-WAN branch site | Edit the number of sessions specified for the Threshold for Tunnel Deletion. |
General | |
Address and Contact Information | Edit the Street Address, City, State/Province, ZIP/Postal Code, Country, Contact Name, Email, or Phone Number. |
Advanced Configuration | Edit the Domain Name Server (DNS) IP address, Network Address Translation (NTP) Server IP address, or the selected Timezone. |
Device Information | |
Secure Log Source Interface | Edit the port configured as the management interface to connect to a management device. You can configure any of the ge-0/0/x ports (x ranging from 0 to 14) as in-band management interfaces. |
