Prepare for SD-WAN setup

Make sure you complete these steps before you configure your SD-WAN solution:

  1. Configure your branches as locations in ETP. Make sure the public IP addresses of branches are configured as locations in ETP. To create a location, see Create a location.

  2. Generate a pre-shared key (PSK). To generate a PSK, see Generate a pre-shared key.

  3. Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to ETP:

    • primary.ipsec.akaetp.net
    • secondary.ipsec.akaetp.net

    Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.

  4. Configure IPsec credentials in ETP. Before you configure your SD-WAN solution, you must configure ETP with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in ETP.

Generate a pre-shared key

On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.

To generate a pre-shared key:

Open a command line and enter this command:

head -c 24 /dev/urandom | base64

Configure IPsec credentials in ETP

Before you begin:
Make sure you generate a pre-shared key. For instruction, see Generate a pre-shared key.

Complete this procedure to add IPsec credentials to ETP. These credentials are required to set up IPsec tunnels between your SD-WAN solution and ETP.

To configure IPsec credentials:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.

  2. In the IPsec Credentials section, click the plus sign.

  3. Enter a unique identifier. This identifier you provide, as well the configuration ID and FQDN that are already included form the IKE identifier.

  4. In the key field, enter the pre-shared key (PSK) and confirm the key value.

  5. Click Save.


Did this page help you?