Configure Virtual WAN Service 编辑
The Citrix SD-WAN configuration describes and defines the topology of your Citrix SD-WAN network. Before you can deploy an SD-WAN network, you must define the Virtual WAN configuration. To do this, use Configuration Editor in the Citrix SD-WAN Management Web Interface on the MCN appliance.
Security and encryption
Enabling encryption for SD-WAN (for the Virtual Paths) is optional. Instructions for configuring this feature are provided in the section, Enabling and Configuring Virtual WAN Security and Encryption (Optional)
When encryption is enabled, SD-WAN uses the Advanced Encryption Standard (AES) to secure traffic across the Virtual Path. Both AES 128 bit and 256 bit ciphers (key sizes) are supported by the SD-WAN Appliances, and are configurable options. You can select, enable, and configure these and the other encryption options by using the Configuration Editor in the Management Web Interface on the Management Control Node (MCN). You must have administrative access on the MCN to modify the configuration, and to distribute your changes across the SD-WAN network. Once the MCN is secured, the encryption settings and their distribution are also secure.
Authentication between sites functions with the Virtual WAN Configuration. The network configuration has a secret key for each site. For each Virtual Path, the network configuration generates a key by combining the secret keys from the sites at each end of the Virtual Path. The initial key exchange that occurs after a Virtual Path is first set up, is dependent upon the ability to encrypt and decrypt packets with that combined key.
Enabling virtual WAN service
If this is an initial installation and configuration, as a final step you need to manually enable the Virtual WAN Service on each SD-WAN appliance in your network. Enabling the service enables and starts the Virtual WAN daemon.
Note
If you are reconfiguring an existing deployment, the MCN automatically enables the service when it distributes the updated Appliance Packages to the client sites. In this case, you can skip this final step.
To manually enable the Virtual WAN Service on an appliance, do the following:
Log into the Management Web Interface on the appliance you want to activate.
Select Configuration tab.
In the navigation pane, open the Virtual WAN branch and select Enable/Disable/Purge Flows.
If the Virtual WAN Service is disabled, this displays the Enable Virtual WAN Service page, as shown below. If the service is already enabled, this displays the Enable/Disable/Purge Flows page.
Click Enable. This enables the service, and displays the Enable/Disable/Purge Flows page.
When the Virtual WAN Service is enabled,a status message to that effect displays in the top section of the page.
Note
This page also presents options for enabling/disabling specific paths and Virtual Paths in your network, as well as an option to purge all flows.
This completes the installation and activation of the SD-WAN on the MCN and branch site client appliances. You can now use the Monitoring pages to verify the activation and diagnose any existing or potential configuration issues.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论