VMware allows the Enterprise users to define and configure a Non VMware SD-WAN Site instance and establish a secure IPSec tunnel to a Non VMware SD-WAN Site through a SD-WAN Gateway.

To configure a Non SD-WAN Destinations via Gateway:


  1. From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
    The Services screen appears.
  2. In the Non SD-WAN Destinations via Gateway area, click the New button.
    The New Non SD-WAN Destinations via Gateway dialog box appears.
  3. In the Name text box, enter a name for the Non VMware SD-WAN Site.
  4. From the Type drop-down menu, select an IPSec tunnel type.
    VMware supports the following Non VMware SD-WAN Site type configurations through SD-WAN Gateway:
    • Check Point
    • Cisco ASA
    • Cisco ISR
    • Generic IKEv2 Router (Route Based VPN)
    • Microsoft Azure Virtual Hub
    • Palo Alto
    • SonicWALL
    • Zscaler
    • Generic IKEv1 Router (Route Based VPN)
    • Generic Firewall (Policy Based VPN)
      Note: VMware supports both Generic Route-based and Policy-based Non VMware SD-WAN Site from Gateway.
  5. Enter an IP address for the Primary VPN Gateway (and the Secondary VPN Gateway if necessary), and click Next.
    A Non VMware SD-WAN Site is created.
    Note: To support the datacenter type of Non VMware SD-WAN Site, besides the IPSec connection, you will need to configure Non VMware SD-WAN Site local subnets into the VMware system.

What to do next