Configuration overrides can be made to some settings that were assigned to an Edge. In most cases, an override must first be activated, and then changes can be made.
Override rules can be added to existing Business Policy and Firewall rules. Override rules have precedence over all other rules defined for Business Policy or Firewall. For more information, see Create Business Policy Rule and Configure Firewall Rule.
To override configuration settings for a specific Edge:
- In the SD-WAN service of the Enterprise portal, go to . The Edges page displays the existing Edges.
- Click the link to an Edge or click the View link in the Device column of the Edge. The configuration options for the selected Edge are displayed in the Device tab.
- The View drop-down menu at the left side of the page allows the user to select the view options. The available options are Expand All and Collapse All. By default, the settings are collapsed.
- The Sort drop-down menu at the left side of the page allows the user to select the sort options: Sort by category and Sort by segment aware. You can view the configuration settings sorted by category or segment aware. By default, the settings are sorted by category. If you choose to sort by segmentation, the settings are grouped as segment aware and segment agnostic.
- For some of the settings, the configuration is inherited from the associated Profile. To edit inherited configuration for the Edge, select the Override check box.
- After modifying the required settings, click Save Changes.
Note: On the Device page, whenever you make configuration changes for the selected Edge, an action bar appears at the bottom of the screen. You can click the notification to view the recent configuration changes and save the changes made to the Edge.
- Click the Shortcuts option to perform the following activities:
- Monitor – Navigates to the Monitoring tab of the selected Edge. See Monitor Edges.
- View Events – Displays the Events related to the selected Edge.
- Remote Diagnostics – Enables to run the Remote Diagnostics tests for the selected Edge. See Run Remote Diagnostics.
- Generate Diagnostic Bundle – Allows to generate Diagnostic Bundle for the selected Edge. See Diagnostic Bundles for Edges.
- Remote Actions – Allows to perform the Remote actions for the selected Edge. See Remote Actions.
- View Profile – Navigates to the Profile page, that is associated with the selected Edge.
- View Gateways – Displays the Gateways connected to the selected Edge.
Edge Device Configurations—A Roadmap
At the Edge-level, some configurations are Segment Aware, that is the configurations must be enabled for each segment where they are intended to work. Whereas, other configurations are Segment Agnostic across multiple segments.
The following table provides the list of Edge-level configurations:
Connectivity
Settings | Description |
---|---|
VLAN | Configure the VLANs with both IPv4 and IPv6 addresses for Edges. Click the IPv4 or IPv6 tabs to configure the corresponding IP addresses for the VLANs. For more information, see Configure VLAN for Edges. |
Loopback Interfaces | Configure a logical interface that allows you to assign an IP address, which is used to identify an Edge. For more information, see Configure a Loopback Interface for an Edge. |
Management Traffic | Configure the management traffic by selecting a source IP for the Edge to transmit the traffic to SASE Orchestrator. For more information, see Configure Management Traffic for Edges. |
ARP Timeouts | By default, the Edge inherits the ARP settings from the associated Profile. Select the Override and Override default ARP Timeouts checkboxes to modify the values. For more information, see Configure Address Resolution Protocol Timeouts for Edges. |
Interfaces | Configure the following settings for the Edge Interfaces:
|
Global IPv6 | Activate IPv6 configurations globally. See Global IPv6 Settings for Edges. |
Wi-Fi Radio | Activate or deactivate Wi-Fi Radio and configure the band of radio frequencies. For more information, see Configure Wi-Fi Radio Overrides.
Note:
The Wi-Fi Radio option is available only for the following Edge models: 500, 5X0, Edge 510, Edge 510-LTE, Edge 6X0, Edge 610-LTE, Edge 710, and Edge 710 5G.
|
Common Criteria Firewall | Common Criteria (CC) is an international certification accepted by many countries. Obtaining the CC certification is an endorsement that our product has been evaluated by competent and independent licensed laboratories for the fulfilment of certain security properties. This certification is recognized by all the signatories of the Common Criteria Recognition Agreement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Having this certification is an assurance of security to a standard extent and can provide VMware with the much needed business parity or advantage with its competitors. Enterprise users can configure the Common Criteria Firewall settings. By default, this feature is deactivated. See Configure Common Criteria Firewall Settings for Edges. |
VPN Services
Settings | Description |
---|---|
Cloud VPN | Allows Cloud VPN to initiate and respond to VPN connection requests. In the Cloud VPN, you can establish tunnels as follows:
Select the check boxes as required and configure the parameters to establish the tunnels. See Configure Cloud VPN and Tunnel Parameters for Edges. |
Non SD-WAN Destination via Edge | Allows to establish tunnel between a branch and Non SD-WAN destination via Edge. See Configure Tunnel Between Branch and Non SD-WAN Destinations via Edge. Click Add to add Non SD-WAN Destinations. Click New NSD via Edge to create new Non SD-WAN Destination via Edge. See Configure Non SD-WAN Destinations via Edge. |
Hub or Cluster Interconnect | VMware SD-WAN supports interconnection of multiple Hub Edges or Hub Clusters to increase the range of Spoke Edges that can communicate with each other. This feature allows communication between the Spoke Edges connected to one Hub Edge or Hub Cluster and the Spoke Edges connected to another Hub Edge or Hub Cluster, using multiple overlay and underlay connections. See Hub or Cluster Interconnect. |
Cloud Security Service | Allows to establish a secured tunnel from an Edge to cloud security service sites. This enables the secured traffic being redirected to third-party cloud security sites. See Cloud Security Services. |
Zscaler | Allows to establish a secured tunnel from an Edge to Zscaler sites. See Configure Zscaler Settings for Edges. |
Gateway Handoff Assignment | Allows to assign Partner Gateways for Profiles or Edges. In order for customers to be able assign Partner Gateways, the Partner Handoff feature must be activated for the customers. See Assign Partner Gateway Handoff. |
Controller Assignment | Allows to assign Controllers for Profiles or Edges. In order for customers to be able assign Controllers, the Partner Handoff feature must be activated for the customers. See Assign Controllers. |
Secure Access Service | Allows to configure Secure Access Service at Edge level. See Configure Secure Access Service for Edges. |
Routing & NAT
Settings | Description |
---|---|
Multicast | Configure Multicast to send data to only interested set of receivers. See Configure Multicast Settings for Edges. |
BFD | By default, the Edge inherits the BFD configuration settings from the associated Profile. If required, you can select the Override checkbox to modify the settings. For more information, see Configure BFD for Edges. |
LAN-Side NAT Rules | Allows you to NAT IP addresses in an unadvertised subnet to IP addresses in an advertised subnet. See LAN-side NAT Rules at Edge Level. |
ICMP Probes | Configure ICMP probes that check for the network continuity by pinging specified IP address at frequent intervals. See Configure ICMP Probes/Responders. |
ICMP Responders | Configure ICMP Responders that respond to ICMP probes from a specified IP address. See Configure ICMP Probes/Responders. |
Static Route Settings | Configure Static Route Settings for special cases in which static routes are needed for existing network attached devices, such as printers. See Configure Static Route Settings. |
DNS | Use the DNS Settings to configure conditional DNS forwarding through a private DNS service and to specify a public DNS service to be used for querying purpose. See Configure DNS for Edges. |
OSPF | The OSPF settings configured in the associated Profile are displayed. You can configure OSPF areas only for a Profile and only for a Global Segment. For Edges, you can configure additional OSPF settings for routed Interfaces. For more information, see Activate OSPF for Profiles. |
BGP | Configure BGP settings for Underlay Neighbors and Non SD-WAN Neighbors. See Configure BGP. |
High Availability
Settings | Description |
---|---|
High Availability | Activate High Availability for the selected Edge. Choose one of the following options:
For more information, see Configure High Availability Settings for Edges. |
Telemetry
Settings | Description |
---|---|
Visibility Mode | Choose the visibility mode to track the network using either MAC address or IP address. See Configure Visibility Mode for Edges. |
Syslog | Configure Syslog collector to receive SASE Orchestrator bound events and firewall logs from the Edges configured in an Enterprise. See Configure Syslog Settings for Edges. |
Netflow Settings | As an Enterprise Administrator, at the Edge level, you can override the Netflow settings specified in the Profile. Configure Netflow Settings for Edges. |
SNMP | Enable the required SNMP version for monitoring the network. Ensure that you download and install all the required SNMP MIBs before enabling SNMP. See Configure SNMP Settings for Edges. |
Security VNF
Settings | Description |
---|---|
Security VNF | Configure security VNF to run the functions of a network service in a software-only form. For more information, see Security Virtual Network Functions. |
Edge Services
Settings | Description |
---|---|
Authentication | Allows to select a RADIUS server to be used for authenticating a user. For more information, see Configure Authentication Settings for Edges. Click New RADIUS Service to create a new RADIUS server. For more information, see Configure Authentication Services. |
NTP | Allows to synchronize the system clocks of Edges and other network devices. See Configure NTP Settings for Edges. |