Configure Virtual WAN Service 编辑

The Citrix SD-WAN configuration describes and defines the topology of your Citrix SD-WAN network. Before you can deploy an SD-WAN network, you must define the Virtual WAN configuration. To do this, use Configuration Editor in the Citrix SD-WAN Management Web Interface on the MCN appliance.

Security and encryption

Enabling encryption for SD-WAN (for the Virtual Paths) is optional. Instructions for configuring this feature are provided in the section, Enabling and Configuring Virtual WAN Security and Encryption (Optional)

When encryption is enabled, SD-WAN uses the Advanced Encryption Standard (AES) to secure traffic across the Virtual Path. Both AES 128 bit and 256 bit ciphers (key sizes) are supported by the SD-WAN Appliances, and are configurable options. You can select, enable, and configure these and the other encryption options by using the Configuration Editor in the Management Web Interface on the Management Control Node (MCN). You must have administrative access on the MCN to modify the configuration, and to distribute your changes across the SD-WAN network. Once the MCN is secured, the encryption settings and their distribution are also secure.

Authentication between sites functions with the Virtual WAN Configuration. The network configuration has a secret key for each site. For each Virtual Path, the network configuration generates a key by combining the secret keys from the sites at each end of the Virtual Path. The initial key exchange that occurs after a Virtual Path is first set up, is dependent upon the ability to encrypt and decrypt packets with that combined key.

Enabling virtual WAN service

If this is an initial installation and configuration, as a final step you need to manually enable the Virtual WAN Service on each SD-WAN appliance in your network. Enabling the service enables and starts the Virtual WAN daemon.

Note

If you are reconfiguring an existing deployment, the MCN automatically enables the service when it distributes the updated Appliance Packages to the client sites. In this case, you can skip this final step.

To manually enable the Virtual WAN Service on an appliance, do the following:

  1. Log into the Management Web Interface on the appliance you want to activate.

  2. Select Configuration tab.

  3. In the navigation pane, open the Virtual WAN branch and select Enable/Disable/Purge Flows.

    If the Virtual WAN Service is disabled, this displays the Enable Virtual WAN Service page, as shown below. If the service is already enabled, this displays the Enable/Disable/Purge Flows page.

    localized image

  4. Click Enable. This enables the service, and displays the Enable/Disable/Purge Flows page.

    localized image

When the Virtual WAN Service is enabled,a status message to that effect displays in the top section of the page.

Note

This page also presents options for enabling/disabling specific paths and Virtual Paths in your network, as well as an option to purge all flows.

This completes the installation and activation of the SD-WAN on the MCN and branch site client appliances. You can now use the Monitoring pages to verify the activation and diagnose any existing or potential configuration issues.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:5 次

字数:4105

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文