Configure Edge Overrides

Configuration overrides can be made to some settings that were assigned to an Edge. In most cases, an override must first be activated, and then changes can be made.

Override rules can be added to existing Business Policy and Firewall rules. Override rules have precedence over all other rules defined for Business Policy or Firewall. For more information, see Create Business Policy Rule and Configure Firewall Rule.

Note: Edge overrides enable Edge specific edits to the displayed settings, and discontinue further automatic updates from the configuration Profile. You can simply turn off the override and go back to automatic updates any time.

To override configuration settings for a specific Edge:

In the SD-WAN service of the Enterprise portal, go to Configure > Edges. The Edges page displays the existing Edges.
Click the link to an Edge or click the View link in the Device column of the Edge. The configuration options for the selected Edge are displayed in the Device tab.
The View drop-down menu at the left side of the page allows the user to select the view options. The available options are Expand All and Collapse All. By default, the settings are collapsed.
The Sort drop-down menu at the left side of the page allows the user to select the sort options: Sort by category and Sort by segment aware. You can view the configuration settings sorted by category or segment aware. By default, the settings are sorted by category. If you choose to sort by segmentation, the settings are grouped as segment aware and segment agnostic.
For some of the settings, the configuration is inherited from the associated Profile. To edit inherited configuration for the Edge, select the Override check box.
After modifying the required settings, click Save Changes.
Note: On the Device page, whenever you make configuration changes for the selected Edge, an action bar appears at the bottom of the screen. You can click the notification to view the recent configuration changes and save the changes made to the Edge.
Click the Shortcuts option to perform the following activities:
- Monitor – Navigates to the Monitoring tab of the selected Edge. See Monitor Edges.
- View Events – Displays the Events related to the selected Edge.
- Remote Diagnostics – Enables to run the Remote Diagnostics tests for the selected Edge. See Run Remote Diagnostics.
- Generate Diagnostic Bundle – Allows to generate Diagnostic Bundle for the selected Edge. See Diagnostic Bundles for Edges.
- Remote Actions – Allows to perform the Remote actions for the selected Edge. See Remote Actions.
- View Profile – Navigates to the Profile page, that is associated with the selected Edge.
- View Gateways – Displays the Gateways connected to the selected Edge.

Edge Device Configurations—A Roadmap

At the Edge-level, some configurations are Segment Aware, that is the configurations must be enabled for each segment where they are intended to work. Whereas, other configurations are Segment Agnostic across multiple segments.

The following table provides the list of Edge-level configurations:

Connectivity


Settings	Description
VLAN	Configure the VLANs with both IPv4 and IPv6 addresses for Edges. Click the IPv4 or IPv6 tabs to configure the corresponding IP addresses for the VLANs. For more information, see Configure VLAN for Edges.
Loopback Interfaces	Configure a logical interface that allows you to assign an IP address, which is used to identify an Edge. For more information, see Configure a Loopback Interface for an Edge.
Management Traffic	Configure the management traffic by selecting a source IP for the Edge to transmit the traffic to SASE Orchestrator. For more information, see Configure Management Traffic for Edges.
ARP Timeouts	By default, the Edge inherits the ARP settings from the associated Profile. Select the Override and Override default ARP Timeouts checkboxes to modify the values. For more information, see Configure Address Resolution Protocol Timeouts for Edges.
Interfaces	Configure the following settings for the Edge Interfaces: Interface Settings – Configure the settings for a Switch Port (LAN) or a Routed (WAN) Interface of the selected Edge. See Configure Interface Settings for Edges. WAN Overlay Settings – Enables to add or modify a User-Defined WAN Overlay and modify or delete an existing auto-detected WAN Overlay. See Configure Edge WAN Overlay Settings.
Global IPv6	Activate IPv6 configurations globally. See Global IPv6 Settings for Edges.
Wi-Fi Radio	Activate or deactivate Wi-Fi Radio and configure the band of radio frequencies. For more information, see Configure Wi-Fi Radio Overrides. Note: The Wi-Fi Radio option is available only for the following Edge models: 500, 5X0, Edge 510, Edge 510-LTE, Edge 6X0, and Edge 610-LTE.
Common Criteria Firewall	Common Criteria (CC) is an international certification accepted by many countries. Obtaining the CC certification is an endorsement that our product has been evaluated by competent and independent licensed laboratories for the fulfilment of certain security properties. This certification is recognized by all the signatories of the Common Criteria Recognition Agreement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Having this certification is an assurance of security to a standard extent and can provide VMware with the much needed business parity or advantage with its competitors. Enterprise users can configure the Common Criteria Firewall settings. By default, this feature is deactivated. See Configure Common Criteria Firewall Settings for Edges.

VPN Services


Settings	Description
Cloud VPN	Allows Cloud VPN to initiate and respond to VPN connection requests. In the Cloud VPN, you can establish tunnels as follows: Branch to Hub VPN Branch to Branch VPN Edge to Non SD-WAN via Gateway Select the check boxes as required and configure the parameters to establish the tunnels. See Configure Cloud VPN and Tunnel Parameters for Edges.
Non SD-WAN Destination via Edge	Allows to establish tunnel between a branch and Non SD-WAN destination via Edge. See Configure Tunnel Between Branch and Non SD-WAN Destinations via Edge. Click Add to add Non SD-WAN Destinations. Click New NSD via Edge to create new Non SD-WAN Destination via Edge. See Configure Non SD-WAN Destinations via Edge.
Hub or Cluster Interconnect	VMware SD-WAN supports interconnection of multiple Hub Edges or Hub Clusters to increase the range of Spoke Edges that can communicate with each other. This feature allows communication between the Spoke Edges connected to one Hub Edge or Hub Cluster and the Spoke Edges connected to another Hub Edge or Hub Cluster, using multiple overlay and underlay connections. See Hub or Cluster Interconnect.
Cloud Security Service	Allows to establish a secured tunnel from an Edge to cloud security service sites. This enables the secured traffic being redirected to third-party cloud security sites. See Cloud Security Services.
Zscaler	Allows to establish a secured tunnel from an Edge to Zscaler sites. See Configure Zscaler Settings for Edges.
Gateway Handoff Assignment	Allows to assign Partner Gateways for Profiles or Edges. In order for customers to be able assign Partner Gateways, the Partner Handoff feature must be activated for the customers. See Assign Partner Gateway Handoff.
Controller Assignment	Allows to assign Controllers for Profiles or Edges. In order for customers to be able assign Controllers, the Partner Handoff feature must be activated for the customers. See Assign Controllers.
Secure Access Service	Allows to configure Secure Access Service at Edge level. See Configure Secure Access Service for Edges.

Routing & NAT


Settings	Description
Multicast	Configure Multicast to send data to only interested set of receivers. See Configure Multicast Settings for Edges.
BFD	By default, the Edge inherits the BFD configuration settings from the associated Profile. If required, you can select the Override checkbox to modify the settings. For more information, see Configure BFD for Edges.
LAN-Side NAT Rules	Allows you to NAT IP addresses in an unadvertised subnet to IP addresses in an advertised subnet. See LAN-side NAT Rules at Edge Level.
ICMP Probes	Configure ICMP probes that check for the network continuity by pinging specified IP address at frequent intervals. See Configure ICMP Probes/Responders.
ICMP Responders	Configure ICMP Responders that respond to ICMP probes from a specified IP address. See Configure ICMP Probes/Responders.
Static Route Settings	Configure Static Route Settings for special cases in which static routes are needed for existing network attached devices, such as printers. See Configure Static Route Settings.
DNS	Use the DNS Settings to configure conditional DNS forwarding through a private DNS service and to specify a public DNS service to be used for querying purpose. See Configure DNS for Edges.
OSPF	The OSPF settings configured in the associated Profile are displayed. You can configure OSPF areas only for a Profile and only for a Global Segment. For Edges, you can configure additional OSPF settings for routed Interfaces. For more information, see Activate OSPF for Profiles.
BGP	Configure BGP settings for Underlay Neighbors and Non SD-WAN Neighbors. See Configure BGP.

High Availability


Settings	Description
High Availability	Activate High Availability for the selected Edge. Choose one of the following options: None – This is the default option where High Availability is not enabled. Active Standby Pair – Select this option to enable HA on the selected Edge. For more information, see Activate High Availability. Cluster – If you choose this option, select an existing Edge cluster from the drop-down list to enable High Availability on the Edge cluster. To configure Edge clusters, see Configure Clusters and Hubs. VRRP with 3rd party router – Select this option to configure Virtual Router Redundancy Protocol (VRRP) on the selected Edge to enable next-hop redundancy in the SASE Orchestrator network by peering with third-party CE router. To configure VRRP, see Configure VRRP Settings. For more information, see Configure High Availability Settings for Edges.

Telemetry


Settings	Description
Visibility Mode	Choose the visibility mode to track the network using either MAC address or IP address. See Configure Visibility Mode for Edges.
Syslog	Configure Syslog collector to receive SASE Orchestrator bound events and firewall logs from the Edges configured in an Enterprise. See Configure Syslog Settings for Edges.
Netflow Settings	As an Enterprise Administrator, at the Edge level, you can override the Netflow settings specified in the Profile. Configure Netflow Settings for Edges.
SNMP	Enable the required SNMP version for monitoring the network. Ensure that you download and install all the required SNMP MIBs before enabling SNMP. See Configure SNMP Settings for Edges.

Security VNF


Settings	Description
Security VNF	Configure security VNF to run the functions of a network service in a software-only form. For more information, see Security Virtual Network Functions.

Edge Services


Settings	Description
Authentication	Allows to select a RADIUS server to be used for authenticating a user. For more information, see Configure Authentication Settings for Edges. Click New RADIUS Service to create a new RADIUS server. For more information, see Configure Authentication Services.
NTP	Allows to synchronize the system clocks of Edges and other network devices. See Configure NTP Settings for Edges.