To create a Gateway paired with Bastion Orchestrator, perform the following steps.


  1. In the Operator portal, click Gateways.
  2. In the Gateways page, click Actions > New Gateway.
  3. In the New Gateway window, configure the following details:
    1. Name – Enter a name for the new Gateway Pool.
    2. IPv4 Address – Enter the IPv4 address of the Gateway.
    3. IPv6 Address – Enter the IPv6 address of the Gateway.
      • Once you have created a Gateway, you cannot modify the IP addresses.
      • Release 4.3.0 supports Greenfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a version earlier than 4.3.0, you cannot configure the upgraded Gateway with an IPv6 address.
      • IPv4/IPv6 dual-stack mode is not supported for the Bastion Orchestrator configuration feature.
    4. Service State – Select the service state of the Gateway from the drop-down list. The following options are available:
      • In Service: The Gateway is connected and available.
      • Out of Service: The Gateway is not connected.
      • Quiesced: The Gateway service is quiesced or paused. Select this state for backup or maintenance purposes.
    5. Gateway Pool – From the drop-down list, select the Gateway Pool to which the Gateway is to be assigned.
    6. Authentication Mode – Select the authentication mode of the Gateway from the following available options:
      • Certificate Disabled: Edge uses a pre-shared key mode of authentication.
      • Certificate Acquire: This option is selected by default and instructs the Edge to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Edge uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
        Note: After acquiring the certificate, the option can be updated to Certificate Required.
        Note: With the Bastion Orchestrator feature enabled, Gateways that are to be staged to the Public Orchestrator should have the Authentication Mode set to either Certificate Acquire or Certificate Required.
      • Certificate Required: Edge uses the PKI certificate.
    7. Contact Name – Enter the name of the Site Contact.
    8. Contact Email – Enter the Email ID of the Site Contact.
    9. Click Create.


Once you create a new Gateway, you are redirected to the Configure Gateways page, where you can configure additional settings for the newly created Gateway.

What to do next

To stage the Gateway to the Bastion Orchestrator, see Stage a SD-WAN Gateway to Bastion Orchestrator.