In order for customers to be able to assign Partner Gateways for Profiles or Edges, Operator must activate the Partner Handoff feature for the customers. If you want to activate the Partner Handoff feature, contact your Operator. Once you have the Partner Handoff feature activated, you can assign Partner Gateways from the Configure > Profile/Edges > Device > VPN Services > Gateway Handoff Assignment page.

Considerations When Assigning Partner Gateways:

Consider the following notes when assigning Partner Gateways:

  • Partner Gateways can be assigned at the Profile or Edge level.
  • More than two Partner Gateways can be assigned to an Edge (up to 16).
  • Partner Gateways can be assigned per Segment.
Note: If you do not see the Gateway Handoff Assignment area displayed in the Device page, contact your Operator to activate this feature.

The Gateway Handoff Assignment feature has been enhanced to also support segment-based configurations. Multiple Partner Gateways can be configured on the Profile level and/or overridden on the Edge level.

To assign Partner Gateways for Profiles, perform the following steps:
  1. In the SD-WAN service of the Enterprise portal, go to Configure > Profiles.
  2. Select a profile you want to configure Gateway Handoff Assignment settings and click the View link in the Device column of the Profile. The Device page for the selected profile appears.
  3. Scroll down to VPN Services section and expand Gateway Handoff Assignment.
    config-profile-device-partner-gateway
  4. Click + Select Gateways, the Select Partner Gateways for Global Segment dialog box appears.

    By default Global Segment is selected in the Segment drop-down. You can also choose any other segment based on your requirements.

    it-admin-config-profile-device-select-partner-gateway
  5. The Partner Gateways section lists the Gateways in the Gateway Pool that are configured as a Partner Handoff Gateway.
    Note: If there are other Gateways not configured as a Partner Handoff Gateway, a following sample message will appear in the dialog box: There is one other Gateway in the Gateway Pool that is not configured as a Partner Handoff Gateway.
    Note: If you want to see only the list of selected Partner Gateways then click Show only selected.
  6. Select the Partner Gateways from the list that you want to assign to the Profile and click Update.
  7. The Partner Gateway assignments configured at the Profile level will be applied to all the Edges within the Profile. You can override the settings at the Edge level by clicking the Override check box.

Select CDE Gateways

In normal scenarios, the PCI traffic runs between the customer branch and Data Center where the PCI traffic is handoff to the PCI network and the Gateways are out of PCI scope. (The Operator can configure the Gateway to exclude PCI Segment by unchecking the CDE role).

In certain scenarios where Gateways can have a handoff to the PCI network and in the PCI scope, the Operator can activate CDE role for the Partner Gateways and these Gateways (CDE Gateways) will be available for the user to assign in the PCI Segments (CDE Type).

Assign a CDE Gateway

To assign a CDE Gateway:

By default global segment is selected in the Segment drop-down. You can also choose any other segment (CDE Type) based on your requirements.

    1. In the SD-WAN service of the Enterprise portal, go to Configure > Profiles.
    2. Select a profile you want to configure Gateway Handoff Assignment settings and click the View link in the Device column of the Profile. The Device page for the selected profile appears.
    3. Scroll down to VPN Services section and expand Gateway Handoff Assignment.
    4. Click + Select Gateways, the Select Partner Gateways for Global Segment dialog box appears.
      it-admin-config-profile-device-select-partner-CDE gateway
    5. In the Select Partner Gateways for Global Segment dialog box, in the Partner Gateways section select a Partner Gateway that is marked as CDE that you want to assign to the Profile and click Update.