Make sure you complete these steps before you configure your SD-WAN solution:
Configure your branches as locations in SIA. Make sure the public IP addresses of branches are configured as locations in SIA. To create a location, see Create a location.
Generate or create a pre-shared key. You can manually create a key that contains a minimum of 24 characters and a random sequence of characters that cannot be found in the dictionary. To use a command to do this on Linux or macOS, see Generate a pre-shared key.
Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to SIA:
Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.
Configure IPsec credentials in SIA. Before you configure your SD-WAN solution, you must configure SIA with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in SIA.
On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.
To generate a pre-shared key:
Open a command line and enter this command:
head -c 24 /dev/urandom | base64
Before you begin:
Make sure you generate a pre-shared key. For instruction, see Generate a pre-shared key.
Complete this procedure to add IPsec credentials to SIA. These credentials are required to set up IPsec tunnels between your SD-WAN solution and SIA.
To configure IPsec credentials:
In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.
In the IPsec Credentials section, click the plus sign.
Enter a unique identifier. This identifier you provide, as well the configuration ID and FQDN that are already included form the IKE identifier.
In the key field, enter the pre-shared key (PSK) and confirm the key value.
Updated 7 days ago