Prepare for SD-WAN setup
Make sure you complete these steps before you configure your SD-WAN solution:
Configure your branches as locations in SIA. Make sure the public IP addresses of branches are configured as locations in SIA. To create a location, see Create a location.
Generate or create a pre-shared key. You can manually create a key that contains a minimum of 24 characters and a random sequence of characters that cannot be found in the dictionary. To use a command to do this on Linux or macOS, see Generate a pre-shared key.
Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to SIA:
Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.
Configure IPsec credentials in SIA. Before you configure your SD-WAN solution, you must configure SIA with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in SIA.
Generate a pre-shared key
On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.
To generate a pre-shared key:
Open a command line and enter this command:
head -c 24 /dev/urandom | base64
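The following is an added example, not part of the vendor procedure. It wraps the command above in a function, checks a candidate key (including a manually created one) against the 24-character minimum, and writes a new key to a file that only the owner can read. The function names, the PSK_CANDIDATE variable, the optional word-list argument and the five-letter threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not vendor code): generate a PSK, or vet a manually created one.

MIN_PSK_CHARS=24   # minimum key length stated in this procedure

# gen_psk [BYTES]: print a base64 key built from BYTES random bytes.
# 24 bytes (the page's command) encode to 32 base64 characters.
gen_psk() {
    head -c "${1:-24}" /dev/urandom | base64 | tr -d '\n'
}

# psk_ok KEY [WORDLIST]: succeed only if KEY has at least MIN_PSK_CHARS
# characters and, when a readable WORDLIST (one word per line) is given,
# contains none of its words of 5+ letters (case-insensitive heuristic).
psk_ok() {
    [ "${#1}" -ge "$MIN_PSK_CHARS" ] || return 1
    [ -n "${2:-}" ] && [ -r "$2" ] || return 0
    PSK_CANDIDATE="$1" awk '
        BEGIN { key = tolower(ENVIRON["PSK_CANDIDATE"]) }
        length($0) >= 5 && index(key, tolower($0)) { hit = 1; exit }
        END { exit hit ? 1 : 0 }
    ' "$2"
}

# save_psk FILE: write a fresh key to FILE, readable by the owner only,
# so the key does not have to be copied out of terminal scrollback.
save_psk() {
    ( umask 077 && gen_psk > "$1" )
}
```

The word-list check is a heuristic for manually created keys. A key produced by gen_psk only needs the length check.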
Configure IPsec credentials in SIA
Before you begin:
Make sure you generate a pre-shared key. For instructions, see Generate a pre-shared key.
Complete this procedure to add IPsec credentials to SIA. These credentials are required to set up IPsec tunnels between your SD-WAN solution and SIA.
To configure IPsec credentials:
In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.
In the IPsec Credentials section, click the plus sign.
Enter a unique identifier. The identifier you provide, together with the configuration ID and FQDN that are already included, forms the IKE identifier.
In the key field, enter the pre-shared key (PSK) and confirm the key value.
Updated 4 months ago