Make sure you complete these steps before you configure your SD-WAN solution:
Configure your branches as locations in ETP. Make sure the public IP addresses of branches are configured as locations in ETP. To create a location, see Create a location.
Generate a pre-shared key (PSK). To generate a PSK, see Generate a pre-shared key.
Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to ETP:
Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.
Configure IPsec credentials in ETP. Before you configure your SD-WAN solution, you must configure ETP with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in ETP.
On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.
To generate a pre-shared key:
Open a command line and enter this command:
head -c 24 /dev/urandom | base64
Before you begin:
Make sure you generate a pre-shared key. For instruction, see Generate a pre-shared key.
Complete this procedure to add IPsec credentials to ETP. These credentials are required to set up IPsec tunnels between your SD-WAN solution and ETP.
To configure IPsec credentials:
In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.
In the IPsec Credentials section, click the plus sign.
Enter a unique identifier. This identifier you provide, as well the configuration ID and FQDN that are already included form the IKE identifier.
In the key field, enter the pre-shared key (PSK) and confirm the key value.
Updated 20 days ago