In addition to the default Gateways, you can create Gateways and associate them with Enterprise Customers.
To create a Gateway, perform the following steps.
- In the Gateways page, click .
- In the New Gateway window, configure the following details:
- Name – Enter a name for the new Gateway Pool.
- IPv4 Address – Enter the IPv4 address of the Gateway.
- IPv6 Address – Enter the IPv6 address of the Gateway.
- Once you have created a Gateway, you cannot modify the IP addresses.
- Release 4.3.x and 4.4.x support Greenfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.3.0, you cannot configure the upgraded Gateway with the IPv6 address.
- Release 4.5.0 supports both the Greenfield and Brownfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.5.0, you can dynamically configure IPv6 address for the Gateway.
- IPv4/IPv6 dual-stack mode is not supported for Bastion Orchestrator configuration.
- Service State – Select the service state of the Gateway from the drop-down list. The following options are available:
- In Service: The Gateway is connected and available.
- Out of Service: The Gateway is not connected.
- Quiesced: The Gateway service is quiesced or paused. Select this state for backup or maintenance purposes.
- Gateway Pool – Select the Gateway Pool from the drop-down list, to which the Gateway would be assigned.
- Authentication Mode – Select the authentication mode of the Gateway from the following available options:
- Certificate Not Required: Gateway uses a pre-shared key mode of authentication.
- Certificate Acquire: This option is selected by default and instructs the Gateway to acquire a certificate from the certificate authority of the SD-WAN Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Gateway uses the certificate for authentication to the SD-WAN Orchestrator and for establishment of VCMP tunnels.
Note: After acquiring the certificate, the option can be updated to Certificate Required.Note: With the Bastion Orchestrator feature enabled, the Gateways that are to be staged to Public Orchestrator should have the Authentication mode set to either Certificate Acquire or Certificate Required.
- Certificate Required: Gateway uses the PKI certificate. Operators can change the certificate renewal time window for Gateways using the system properties.
- Contact Name – Enter the name of the Site Contact.
- Contact Email – Enter the Email ID of the Site Contact.
- Click Create.
What to do next
To configure the Gateway details, see Configure Gateways.