To create a Gateway paired with Bastion Orchestrator, perform the following steps.
- In the Operator portal, click Gateways.
- In the Gateways page, click .
- In the New Gateway window, configure the following details:
- Name – Enter a name for the new Gateway Pool.
- IPv4 Address – Enter the IPv4 address of the Gateway.
- IPv6 Address – Enter the IPv6 address of the Gateway.
- Once you have created a Gateway, you cannot modify the IP addresses.
- Release 4.3.0 supports Greenfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.3.0, you cannot configure the upgraded Gateway with the IPv6 address.
- IPv4/IPv6 dual-stack mode is not supported for Bastion Orchestrator configuration feature.
- Service State – Select the service state of the Gateway from the drop-down list. The following options are available:
- In Service: The Gateway is connected and available.
- Out of Service: The Gateway is not connected.
- Quiesced: The Gateway service is quiesced or paused. Select this state for backup or maintenance purposes.
- Gateway Pool – Select the Gateway Pool from the drop-down list, to which the Gateway would be assigned.
- Authentication Mode – Select the authentication mode of the Gateway from the following available options:
- Certificate Disabled: Edge uses a pre-shared key mode of authentication.
- Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
Note: After acquiring the certificate, the option can be updated to Certificate Required.Note: With the Bastion Orchestrator feature enabled, the Gateways that are to be staged to Public Orchestrator should have the Authentication mode set to either Certificate Acquire or Certificate Required.
- Certificate Required: Edge uses the PKI certificate.
- Contact Name – Enter the name of the Site Contact.
- Contact Email – Enter the Email ID of the Site Contact.
- Click Create.
What to do next
To stage the Gateway to the Bastion Orchestrator, see Stage a SD-WAN Gateway to Bastion Orchestrator.