Device configuration page allows you to assign segments to a Profile and configure various settings and interfaces to be associated with a Profile.
The View drop-down menu at the left side of the page allows the user to select the view options. The available options are Expand All and Collapse All. By default, the settings are collapsed.
The Sort drop-down menu at the left side of the page allows the user to select the sort options: Sort by category and Sort by segment aware. You can view the configuration settings sorted by category or segment aware. By default, the settings are sorted by category. If you choose to sort by segmentation, the settings are grouped as Segment Aware and Segment Agnostic as shown in the following screenshot.
In Segment Aware configurations, configuration settings apply only to a specific segment selected from the Segment drop-down menu. In Segment Agnostic configurations, configuration settings apply to multiple segments.
Profile Device Configurations—A Roadmap
The following table provides the list of Profile-level configurations:
Connectivity
| Settings | Description |
|---|---|
| VLAN | Configure the VLANs with both IPv4 and IPv6 addresses for Profiles. Click the IPv4 or IPv6 tabs to configure the corresponding IP addresses for the VLANs. See Configure VLAN for Profiles. |
| Management IP | The Management IP address is used as the source address for local services like DNS and as a destination for diagnostic tests like pinging from another Edge. See Configure Management IP Address for Profiles. |
| ARP Timeouts | By default, the ARP Timeout values are configured. If required, select the Override default ARP Timeouts checkbox, to modify the default values. See Configure Address Resolution Protocol Timeouts for Profiles. |
| Interfaces | Configure the Interface Settings for each Edge model. See Configure Interface Settings for Profiles. |
| Global IPv6 | Activate IPv6 configurations globally. See Global IPv6 Settings for Profiles. |
| Wi-Fi Radio | Turn on or turn off Wi-Fi Radio and configure the band of radio frequencies. See Configure Wi-Fi Radio Settings. |
| Common Criteria Firewall | Common Criteria (CC) is an international certification accepted by many countries. Obtaining the CC certification is an endorsement that our product has been evaluated by competent and independent licensed laboratories for the fulfilment of certain security properties. This certification is recognized by all the signatories of the Common Criteria Recognition Agreement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Having this certification is an assurance of security to a standard extent and can provide VMware with the much needed business parity or advantage with its competitors. Enterprise users can configure the Common Criteria Firewall settings. By default, this feature is deactivated. See Configure Common Criteria Firewall Settings for Profiles. |
VPN Services
| Settings | Description |
|---|---|
| Cloud VPN | Activate Cloud VPN to initiate and respond to VPN connection requests. In the Cloud VPN, you can establish tunnels as follows:
Select the checkboxes as required and configure the parameters to establish the tunnels. See Configure Cloud VPN for Profiles. |
| Non SD-WAN Destination via Edge | Activate to establish tunnel between a branch and Non SD-WAN destination via Edge. See Configure Tunnel Between Branch and Non SD-WAN Destinations via Edge. Click Add to add Non SD-WAN Destinations. Click New NSD via Edge to create new Non SD-WAN Destination via Edge. See Configure Non SD-WAN Destinations via Edge. |
| Hub or Cluster Interconnect | VMware SD-WAN supports interconnection of multiple Hub Edges or Hub Clusters to increase the range of Spoke Edges that can communicate with each other. This feature allows communication between the Spoke Edges connected to one Hub Edge or Hub Cluster and the Spoke Edges connected to another Hub Edge or Hub Cluster, using multiple overlay and underlay connections. See Hub or Cluster Interconnect. |
| Cloud Security Service | Activate to establish a secured tunnel from an Edge to cloud security service sites. This allows the secured traffic being redirected to third-party cloud security sites. See Cloud Security Services. |
| Zscaler | Allows to establish a secured tunnel from an Edge to Zscaler sites. See Configure Zscaler Settings for Profiles. |
| Gateway Handoff Assignment | Allows to assign Partner Gateways for Profiles or Edges. In order for customers to be able assign Partner Gateways, the Partner Handoff feature must be activated for the customers. See Assign Partner Gateway Handoff. |
| Controller Assignment | Allows to assign Controllers for Profiles or Edges. In order for customers to be able assign Controllers, the Partner Handoff feature must be activated for the customers. See Assign Controllers. |
| Secure Access Service | Allows to configure Secure Access Service for Profiles. See Configure Secure Access Service for Profiles. |
Routing & NAT
| Settings | Description |
|---|---|
| Multicast | Activate and configure Multicast to send data to only interested set of receivers. See Configure Multicast Settings for Profiles. |
| DNS | Use the DNS Settings to configure conditional DNS forwarding through a private DNS service and to specify a public DNS service to be used for querying purpose. See Configure DNS for Profiles. |
| OSPF | Configure OSPF areas for the selected Profile. See Activate OSPF for Profiles. |
| BFD | Configure BFD settings for the selected Profile. See Configure BFD for Profiles. |
| LAN-Side NAT Rules | Allows you to NAT IP addresses in an unadvertised subnet to IP addresses in an advertised subnet. See LAN-Side NAT Rules at Profile Level. |
| BGP | Configure BGP for Underlay Neighbors and Non SD-WAN Neighbors. See Configure BGP. |
Telemetry
| Settings | Description |
|---|---|
| Visibility Mode | Choose the visibility mode to track the network using either MAC address or IP address. See Configure Visibility Mode for Profiles. |
| Syslog | Configure Syslog collector to receive SASE Orchestrator bound events and firewall logs from the Edges configured in an Enterprise. See Configure Syslog Settings for Profiles. |
| Netflow Settings | As an Enterprise Administrator, you can configure Netflow settings at the Profile level. Configure Netflow Settings for Profiles. |
| SNMP | Activate the required SNMP version for monitoring the network. Ensure that you download and install all the required SNMP MIBs before enabling SNMP. See Configure SNMP Settings for Profiles. |
Edge Services
| Settings | Description |
|---|---|
| Authentication | Allows to select a RADIUS server to be used for authenticating a user. See Configure Authentication Settings for Profiles. Click New RADIUS Service to create a new RADIUS server. For more information, see Configure Authentication Services. |
| NTP | Activate to synchronize the system clocks of Edges and other network devices. See Configure NTP Settings for Profiles. |
