Supported Devices for SD-WAN, and Ports and Protocols to Open
For the SD-WAN devices supported by CSO, and list of ports or protocols that must be opened for the devices, see:
During the site activation process for SRX4100, SRX4200, SRX4600, and vSRX 3.0, you must copy the stage-1 configuration (generated automatically by CSO) to the device, and commit the configuration on the device.
Before you add a provider hub device, enterprise hub site, or an SD-WAN on-premise spoke site:
Connect cables to the device according to your network design, and power on the device.
For enterprise hubs and SD-WAN on-premise spoke devices, see the hardware documentation links in Table 1.
Note:We assume that the SD-WAN on-premise spoke devices will obtain the DHCP IP address (if DHCP is configured as the address assignment method) and will have Internet connectivity along with DNS resolution, when connected according to the network design.
For provider hub devices, see the hardware documentation links in Table 2
For enterprise hubs and SD-WAN on-premise spoke devices, ensure that the NAT and firewall ports and protocols listed in Table 1 are open on the network.
For provider hubs, ensure that the ports and protocols listed in Table 2 are open on the network.
Ensure that the devices are running the recommended version of Junos OS for the CSO release that you are using. For up-to-date information about the supported Junos OS versions in a CSO release, refer to the CSO Release Notes for that release (available at the CSO Documentation page).
Before you initiate ZTP for the enterprise hub, ensure that the hub device can connect to CSO.
Device Model |
Supported Site Type |
NAT and Firewall Protocols or Ports |
WAN Link Ports (minimum one port; maximum four ports) |
Hardware Documentation Links |
|---|---|---|---|---|
NFX150 |
On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
heth-0-0 through heth-0-5 |
|
NFX250 |
On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 7804 TCP Port 8060 |
ge-0/0/10 ge-0/0/11 xe-0/0/12 xe-0/0/13 |
|
SRX300 SRX320 |
On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/0 through ge-0/0/7 |
|
SRX340 SRX345 |
On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/0 through ge-0/0/15 |
|
SRX380 |
Enterprise hub On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/0 ge-0/0/2 to ge-0/0/15 xe-0/0/16 to xe-0/0/19 |
|
SRX550M |
On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/0 through ge-0/0/9 |
|
SRX1500 |
Enterprise hub On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/7 ge-0/0/8 xe-0/0/18 xe-0/0/19 |
|
SRX4100 SRX4200 |
Enterprise hub On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 TCP Port 500 UDP Port 4500 TCP Port 8060 |
xe-0/0/0 xe-0/0/1 xe-0/0/2 xe-0/0/3 |
|
SRX4600 |
Enterprise hub On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 TCP Port 500 UDP Port 4500 TCP Port 8060 |
xe-1/1/0 xe-1/1/1 xe-1/1/2 xe-1/1/3 |
|
vSRX |
Enterprise hub On-premise (SD-WAN) spoke |
IP Protocol 50 IP Protocol 51 TCP Port 443 UDP Port 500 UDP Port 4500 TCP Port 8060 |
ge-0/0/0 ge-0/0/1 ge-0/0/2 ge-0/0/3 |
Device Model |
Ports and Protocols |
Hardware Documentation Links |
|---|---|---|
SRX1500 |
IP Protocol 50 IP Protocol 51 TCP and UDP Ports 53 (for DNS) UDP Port 123 (for NTP) TCP Port 443 UDP Port 500 UDP Port 4500 |
|
SRX4100 SRX4200 SRX4600 |
IP Protocol 50 IP Protocol 51 TCP and UDP Ports 53 (for DNS) UDP Port 123 (for NTP) TCP Port 443 UDP Port 500 UDP Port 4500 |
|
vSRX |
IP Protocol 50 IP Protocol 51 TCP and UDP Ports 53 (for DNS) UDP Port 123 (for NTP) TCP Port 443 UDP Port 500 UDP Port 4500 |