VMware SD-WAN Administration Guide
About VMware SD-WAN Administration Guide
What's New
Enterprise-level UI Changes in the New SASE Orchestrator
Overview
VMware SD-WAN Routing Overview
Dynamic Multipath Optimization (DMPO)
Solution Components
SD-WAN Edge Performance and Scale Data
Capabilities
Tunnel Overhead and MTU
Network Topologies
Branch Site Topologies
Roles and Privilege Levels
User Role Matrix
Key Concepts
Supported Browsers
Supported Modems
User Agreement
Log in to VMware Cloud Orchestrator Using SSO for Enterprise User
Monitor Enterprise
Monitor Network Overview
Monitor Edges
Monitor Edge Overview
Monitor QoE
Monitor Links of an Edge
Monitor Path Visibility
Monitor Flow Visibility
Monitor Edge Applications
Monitor Edge Sources
Monitor Edge Destinations
Monitor Business Priorities of an Edge
Monitor System Information of an Edge
Monitoring High Availability Edges
Monitor Network Services
Monitor Non SD-WAN Destinations through Gateway
Monitor Non SD-WAN Destinations through Edge
Monitor Cloud Security Service Sites
Monitor Zscaler IaaS Subscription
Monitor Edge Clusters
Monitor Edge VNFs
Monitor Routing Details
Monitor Multicast Groups
Monitor PIM Neighbors
Monitor BGP Edge Neighbor State
Monitor BFD
Monitor BGP Gateway Neighbor State
Gateway Route Table
Monitor Alerts
Monitor Events
Auto Rollback to the Last Known Good Configuration
Platform Firmware Upgrade Progress
Monitor Firewall Logs
Enterprise Reports
Create a New Enterprise Report
Create Customized Report
Select Time Range
Select Data
Select Edges
Submit Report
Monitor Enterprise Reports
View Analytics Data
Configure Segments
Configure Network Services
Configure a Non SD-WAN Destination
VPN Workflow
Configure Non SD-WAN Destinations via Gateway
Configure a Non SD-WAN Destination of Type AWS VPN Gateway
Configure a Non SD-WAN Destination of Type Check Point
Configure a Non SD-WAN Destination of Type Cisco ASA
Configure a Non SD-WAN Destination of Type Cisco ISR
Configure a Non SD-WAN Destination of Type Generic IKEv2 Router (Route Based VPN)
Configure a Non SD-WAN Destination of Type Microsoft Azure Virtual Hub
Configure a Non SD-WAN Destination of Type Palo Alto
Configure a Non SD-WAN Destination of Type SonicWALL
Zscaler and VMware SD-WAN Integration
Configure a Non SD-WAN Destination of Type Zscaler
Associate a Non SD-WAN Destination to a Configuration Profile
Configure Zscaler
Configure Business Priority Rules
Configure a Non SD-WAN Destination of Type Generic IKEv1 Router (Route Based VPN)
Configure a Non SD-WAN Destination of Type Generic Firewall (Policy Based VPN)
Configure Non SD-WAN Destinations via Edge
Configure a Non-VMware SD-WAN Site of Type Generic IKEv1 Router via Edge
Configure a Non-VMware SD-WAN Site of Type Generic IKEv2 Router via Edge
Configure a Non-VMware SD-WAN Site of Type Microsoft Azure via Edge
Configure Tunnel Between Branch and Non SD-WAN Destinations via Edge
Configure API Credentials
Configure Clusters and Hubs
About Edge Clustering
How Edge Clustering Works
Troubleshooting Edge Clustering
Hub or Cluster Interconnect
Configure Netflow Settings
IPFIX Templates
Non-NAT Template
Enterprise-Specific Fields (ID>32767)
NAT Template
Flow Link Stats Template
Tunnel Stats Template
Application Option Template
Interface Option Template
VMware Segment ID to Segment Mapping Template
Link Option Template
Netflow Source Address and Segmentation
IPFIX Information Element Definitions
Configure DNS Services
Configure Private Network Names
Configure Authentication Services
Configure TACACS Services
Configure Edge Services
Cloud Security Services
Configure a Cloud Security Service
Configure Cloud Security Services for Profiles
Configure Cloud Security Services for Edges
Configure Business Policies with Cloud Security Services
Monitor Cloud Security Services
Monitor Cloud Security Services Events
Azure Virtual WAN IPsec Tunnel Automation
Azure Virtual WAN IPsec Tunnel Automation Overview
Prerequisite Azure Configuration
Register SASE Orchestrator Application
Assign the SASE Orchestrator Application to Contributor Role
Register a Resource Provider
Create a Client Secret
Configure Azure Virtual WAN for Branch-to-Azure VPN Connectivity
Create a Resource Group
Create a Virtual WAN
Create a Virtual Hub
Create a Virtual Network
Create a Virtual Connection between VNet and Hub
Configure SASE Orchestrator for Azure Virtual WAN IPsec Automation from SD-WAN Gateway
Associate a Microsoft Azure Non SD-WAN Destination to an SD-WAN Profile
Edit a VPN Site
Synchronize VPN Configuration
Configure SASE Orchestrator for Azure Virtual WAN IPsec Automation from SD-WAN Edge
Associate a Microsoft Azure Non SD-WAN Destination to an SD-WAN Edge and Add Tunnels
Monitor Non SD-WAN Destinations
VMware SD-WAN in Azure Virtual WAN Hub Deployment
About VMware SD-WAN in Azure Virtual WAN Hub Deployment
Deploy VMware SD-WAN in Azure Virtual WAN Hub
Hub Upgrade Instructions for VMware SD-WAN Edge Deployed as Azure vWAN NVA
Configure Amazon Web Services
Configure Edge for Amazon Web Services (AWS) Transit Gateway (TGW) Connect Service
Obtain Amazon Web Services Configuration Details
Configure a Non SD-WAN Destination
CloudHub Automated Deployment of NVA in Azure vWAN Hub
About CloudHub Automated Deployment of NVA in Azure Virtual WAN Hub
CloudHub Deployment Prerequisites
CloudHub Automated Deployment of Azure vWAN NVA via VMware SASE Orchestrator
Configure Profiles
Create Profile
Configure Profile settings
Global IPv6 Settings for Profiles
View Profile Information
Configure Device Settings for Profiles
Configure a Profile Device
Assign Segments in Profile
Configure VLAN for Profiles
Configure Management IP Address for Profiles
Configure Address Resolution Protocol Timeouts for Profiles
Configure Interface Settings
Configure Interface Settings for Profiles
Configure DSL Settings
Configure ADSL and VDSL Settings
Configure GPON Settings
IPv6 Settings
Global IPv6 Settings for Profiles
Monitor IPv6 Events
Troubleshooting IPv6 Configuration
Configure Wi-Fi Radio Settings
Configure Common Criteria Firewall Settings for Profiles
Assign Partner Gateway Handoff
Assign Controllers
Configure Cloud VPN
Cloud VPN Overview
Configure Cloud VPN for Profiles
Configure a Tunnel Between a Branch and SD-WAN Hubs VPN
Conditional Backhaul
Configure a Tunnel Between a Branch and a Branch VPN
Configure a Tunnel Between a Branch and a Non SD-WAN Destinations via Gateway
Configure a Tunnel Between a Branch and a Non SD-WAN Destinations via Edge
Configure Cloud Security Services for Profiles
Configure Zscaler Settings for Profiles
Configure Secure Access Service for Profiles
Configure Multicast Settings for Profiles
Configure DNS for Profiles
Activate OSPF for Profiles
Route Filters
Configure BFD for Profiles
LAN-Side NAT Rules at Profile Level
Configure BGP from Edge to Underlay Neighbors for Profiles
Configure Visibility Mode for Profiles
Configure SNMP Settings for Profiles
Configure Syslog Settings for Profiles
Syslog Message Format for Firewall Logs
Configure Netflow Settings for Profiles
Configure Authentication Settings for Profiles
Configure NTP Settings for Profiles
Configure Business Policy
Configure Business Policies
Create Business Policy Rule
Configure Network Service for Business Policy Rule
Configure Link Steering Modes
Configure Policy-based NAT
Overlay QoS CoS Mapping
Tunnel Shaper for Service Providers with Partner Gateway
Firewall Overview
Configure Profile Firewall
Configure Edge Firewall
Configure Firewall Rule
Enhanced Firewall Services
Enhanced Firewall Services Overview
Configure Enhanced Firewall Services
Monitor Enhanced Firewall Services Threats
Enhanced Firewall Services Alerts and Events
Monitor Firewall Logs
Troubleshooting Firewall
Provision a New Edge
Provision a New Edge with Analytics
Configure Analytics Settings on an Edge
Activate Self-Healing for SD-WAN Edges
Manage Edges
Configure Edge Settings
Reset Edges to Factory Settings
Activate SD-WAN Edges
Activate SD-WAN Edges using Edge Auto-activation
Sign-Up for Edge Auto-activation
Assign Profile and License to Edges
Assign Inventory to an Edge
Activate SD-WAN Edges Using Email
Send Edge Activation Email
Activate an Edge Device
Edge Activation using an iOS Device and an Ethernet Cable
Edge Activation using an Android Device and an Ethernet Cable
Request RMA Reactivation
Request RMA Reactivation Using Edge Auto-activation
Request RMA Reactivation Using Email
Configure User Account details
Enable Secure Edge Access for an Enterprise
Secure Edge CLI Commands
Sample Outputs
View Edge Information
Configure Edge Overrides
Configure VLAN for Edges
Loopback Interfaces Configuration
Loopback Interfaces—Benefits
Loopback Interfaces—Limitations
Configure a Loopback Interface for an Edge
Configure Management Traffic for Edges
Configure Address Resolution Protocol Timeouts for Edges
Configure Interface Settings for Edges
Configure DHCP Server on Routed Interfaces
Enable RADIUS on a Routed Interface
Configure RADIUS Authentication for a Switched Interface
MAC Address Bypass (MAB) for RADIUS-based Authentication
Configure Edge LAN Overrides
Configure Edge WLAN Overrides
Configure Edge WAN Overlay Settings
SD-WAN Service Reachability via MPLS
Configure Class of Service
Configure Hot Standby Link
Monitor Hot Standby Links
Global IPv6 Settings for Edges
Configure Wi-Fi Radio Overrides
Configure Automatic SIM Switchover
Configure Common Criteria Firewall Settings for Edges
Configure Cloud VPN and Tunnel Parameters for Edges
Configure Cloud Security Services for Edges
Configure Zscaler Settings for Edges
Configure Secure Access Service for Edges
Configure Multicast Settings for Edges
Configure BFD for Edges
LAN-side NAT Rules at Edge Level
Configure ICMP Probes/Responders
Configure Static Route Settings
Configure DNS for Edges
Activate OSPF for Edges
Configure BGP from Edge to Underlay Neighbors for Edges
Configure High Availability Settings for Edges
Configure VRRP Settings
Monitor VRRP Events
Configure Visibility Mode for Edges
Configure Syslog Settings for Edges
Configure Netflow Settings for Edges
Configure SNMP Settings for Edges
Security Virtual Network Functions
Configure VNF Management Service
Configure Security VNF without High Availability
Configure Security VNF with High Availability
Define Mapping Segments with Service VLANs
Configure VLAN with VNF Insertion
Monitor VNF for an Edge
Monitor VNF Events
Configure VNF Alerts
Configure Authentication Settings for Edges
Configure NTP Settings for Edges
Configure TACACS Services for Edges
SD-WAN Gateway Migration
SD-WAN Gateway Migration - Limitations
Migrate Quiesced Gateways
What to do When Switch Gateway Action Fails
Object Groups
Configure Object Groups
Configure Business Policies with Object Group
Configure Firewall Rule with Object Group
Site Configurations
Data Center Configurations
Configure Branch and Hub
Configure Dynamic Routing with OSPF or BGP
Activate OSPF for Profiles
Route Filters
Activate OSPF for Edges
Configure BGP
Configure BGP from Edge to Underlay Neighbors for Profiles
Configure BGP from Edge to Underlay Neighbors for Edges
Configure BGP Over IPsec from Edge to Non SD-WAN Neighbors
Configure BGP Over IPsec from Gateways
Monitor BGP Sessions
Monitor BGP Events
Troubleshooting BGP Settings
OSPF/BGP Redistribution
BFD Settings
Configure BFD for Profiles
Configure BFD for Edges
Configure BFD for BGP for Profiles
Configure BFD for BGP for Edges
Configure BFD for OSPF
Configure BFD for OSPF for Edges
Configure BFD for Gateways
Monitor BFD Sessions
Monitor BFD Events
Troubleshooting BFD
Overlay Flow Control
Configure Global Routing Preferences
Configure Subnets
Route Summarization
Route Summarization Configuration
Configure Alerts and Notifications
Configure Alerts
Configure SNMP Traps
Configure Webhooks
Testing and Troubleshooting
Run Remote Diagnostics
Remote Actions
Diagnostic Bundles for Edges
Request Diagnostic Bundle
Request Packet Capture Bundle
Edge Licensing
Example of Edge Licensing
Edge Software Image Management
Edge Software Image Management Overview
Activate Edge Image Management
Edge Image Assignment and Access
Edge Management
Enterprise Settings
User Management - Enterprise
Users
Add New User
API Tokens
Roles
Add Role
Service Permissions
New Permission
List of User Privileges
Authentication
Configure Azure Active Directory for Single Sign On
Configure Okta for Single Sign On
Configure OneLogin for Single Sign On
Configure PingIdentity for Single Sign On
Configure VMware CSP for Single Sign On
User Management with VMware Cloud Services Platform as the Identity Provider
Configure High Availability on SD-WAN Edge
How SD-WAN Edge High Availability (HA) Works
Failure Scenarios
High Availability Deployment Models
Standard HA
Enhanced HA
Mixed-Mode HA
Split-Brain Condition
Split-Brain Detection and Prevention
Support for BGP Over HA Link
High Availability Graceful Switchover with BGP Graceful Restart
Selection Criteria to Determine Active and Standby Status
VLAN-tagged Traffic Over HA Link
Configure High Availability (HA)
Deploying High Availability on VMware ESXi
HA LoS Detection on Routed Interfaces
Monitor Events for LoS Detection
Unique MAC Address
Prerequisites
Activate High Availability
Wait for SD-WAN Edge to Assume Active
Connect the Standby SD-WAN Edge to the Active Edge
Connect LAN and WAN Interfaces on Standby SD-WAN Edge
Deactivate High Availability (HA)
HA Event Details
VMware Virtual Edge Deployment
Deployment Prerequisites for VMware Virtual Edge
Special Considerations for VMware Virtual Edge deployment
Cloud-init Creation
Install VMware Virtual Edge
Activate SR-IOV on KVM
Install Virtual Edge on KVM
Enable SR-IOV on VMware
Install Virtual Edge on VMware ESXi
Appendix
Enterprise-Level Orchestrator Alerts and Events
Supported VMware SD-WAN Edge Events for Syslogs