In addition to the default Gateways, you can create Gateways and associate them with Enterprise Customers.

To create a Gateway, perform the following steps.


  1. In the Gateways page, click Actions > New Gateway.
  2. In the New Gateway window, configure the following details:
    1. Name – Enter a name for the new Gateway Pool.
    2. IPv4 Address – Enter the IPv4 address of the Gateway.
    3. IPv6 Address – Enter the IPv6 address of the Gateway.
      • Once you have created a Gateway, you cannot modify the IP addresses.
      • Release 4.3.x and 4.4.x support Greenfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.3.0, you cannot configure the upgraded Gateway with the IPv6 address.
      • Release 4.5.0 supports both the Greenfield and Brownfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.5.0, you can dynamically configure IPv6 address for the Gateway.
      • IPv4/IPv6 dual-stack mode is not supported for Bastion Orchestrator configuration.
    4. Service State – Select the service state of the Gateway from the drop-down list. The following options are available:
      • In Service: The Gateway is connected and available.
      • Out of Service: The Gateway is not connected.
      • Quiesced: The Gateway service is quiesced or paused. Select this state for backup or maintenance purposes.
    5. Gateway Pool – Select the Gateway Pool from the drop-down list, to which the Gateway would be assigned.
    6. Authentication Mode – Select the authentication mode of the Gateway from the following available options:
      • Certificate Not Required: Gateway uses a pre-shared key mode of authentication.
      • Certificate Acquire: This option is selected by default and instructs the Gateway to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Gateway uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
        Note: After acquiring the certificate, the option can be updated to Certificate Required.
        Note: With the Bastion Orchestrator feature enabled, the Gateways that are to be staged to Public Orchestrator should have the Authentication mode set to either Certificate Acquire or Certificate Required.
      • Certificate Required: Gateway uses the PKI certificate. Operators can change the certificate renewal time window for Gateways using the system properties.
    7. Contact Name – Enter the name of the Site Contact.
    8. Contact Email – Enter the Email ID of the Site Contact.
    9. Click Create.


Once you create a new Gateway, you are redirected to the Configure Gateways page, where you can configure additional settings for the newly created Gateway.

What to do next

To configure the Gateway details, see Configure Gateways.