Configure Branch to SD-WAN Hubs VPN to establish VPN connection between branch and hubs.


  1. From the SD-WAN Orchestrator, go to Configure > Profiles.
    The Configuration Profiles page appears.
  2. Select a profile you want to configure Cloud VPN and click the icon under the Device column.
    The Device Settings page for the selected profile appears.
  3. Go to Cloud VPN area and enable Cloud VPN by turning the toggle button to On.
  4. To configure Branch to SD-WAN Hubs, under Branch to Hubs, select the Enable checkbox.
  5. Click the Select Hubs link. The Manage Cloud VPN Hubs page for the selected profile appears.
  6. From Available Edges & Clusters, you can select and configure the edges to act as SD-WAN Hubs, or Backhaul Hubs, or Branch to Branch VPN Hubs in the branch profile, using the > or < arrows.
    Note: An edge cluster and an individual edge can be simultaneously configured as Hubs in a branch profile. Once edges are assigned to a cluster, they cannot be assigned as individual Hubs.
    Note: Branch to Branch VPN using Hubs functions the same regardless of whether the Hubs are Clusters or individual Edges. In order to configure Branch to Branch VPN using Hubs that are also Edge Clusters, you can select a Hub from the Hubs area and move it to the Branch to Branch VPN Hubs area. It is recommended to select the Auto Select VPN Hub checkbox so that the edge will select the best hub for establishing the Branch to Branch VPN Hubs connection.
  7. To enable Conditional Backhaul, select the Enable Conditional BackHaul checkbox.
    With Conditional Backhaul (CBH) enabled, the Edge will be able to failover Internet-bound traffic (Direct Internet traffic, Internet via SD-WAN Gateway and Cloud Security Traffic via IPsec) to MPLS links whenever there is no Public Internet links available. When Conditional Backhaul is enabled, by default all Business Policy rules at the branch level are subject to failover traffic through Conditional Backhaul. You can exclude traffic from Conditional Backhaul based on certain requirements for selected policies by disabling this feature at the selected business policy level. For more information, see Conditional Backhaul.
  8. Click Save Changes.