To establish a VPN connection between Branch and Hubs, follow the below steps:
- In the SD-WAN service of the Enterprise portal, go to .
- Select a profile or click the View link in the Device column. The Device settings page for the selected profile appears.
- Go to VPN Services area and activate Cloud VPN by turning the toggle button to On.
- Select the Enable Branch to Hubs check box under Branch to Hub Site (Permanent VPN). The Hubs Designation section appears on the screen.
- Click Edit Hubs. The following window is displayed:
- From Available Edges & Clusters section, you can select and configure the Edges to act as SD-WAN Hubs, or Backhaul Hubs.
Note: An Edge cluster and an individual Edge can be simultaneously configured as Hubs in a Branch Profile. Once Edges are assigned to a Cluster, they cannot be assigned as individual Hubs.
- Select the Enable Conditional BackHaul check box to activate Conditional Backhaul.
With Conditional Backhaul activated, the Edge can failover Internet-bound traffic (Direct Internet traffic, Internet via SD-WAN Gateway (IPv4 and IPv6) and Cloud Security Traffic via IPsec) to MPLS links whenever there are no Public Internet links available. When Conditional Backhaul is activated, by default all Business Policy rules at the Branch level are subject to failover traffic through Conditional Backhaul. You can exclude traffic from Conditional Backhaul based on certain requirements for selected policies by deactivating this feature at the selected Business Policy level. For more information, see Conditional Backhaul.
- Click Update Hubs.
