To create a Gatewaypaired with Bastion Orchestrator, perform the following steps.
Procedure
- In the Orchestrator UI, click the Gateway Management tab and go to Gateways in the left navigation pane.
The Gateways page appears.
- Click New Gateway.
The New Gateway dialog appears.
- In the New Gateway dialog, configure the following details:
Field Description Name Enter a name for the new Gateway. IPv4 Address Enter the IPv4 address of the Gateway. IPv6 Address Enter the IPv6 address of the Gateway. Service State Select the service state of the Gateway from the drop-down list. The following options are available: - In Service - The Gateway is connected and available.
- Out of Service - The Gateway is not connected.
- Quiesced - The Gateway service is quiesced or paused. Select this state for backup or maintenance purposes.
Gateway Pool Select the Gateway Pool from the drop-down list, to which the Gateway would be assigned. Authentication Mode Select the authentication mode of the Gateway from the following available options: - Certificate Not Required - Gateway uses a pre-shared key mode of authentication.
- Certificate Acquire - This option is selected by default and instructs the Gateway to acquire a certificate from the certificate authority of the SASE Orchestrator, by generating a key pair and sending a certificate signing request to the Orchestrator. Once acquired, the Gateway uses the certificate for authentication to the SASE Orchestrator and for establishment of VCMP tunnels.
Note: After acquiring the certificate, the option can be updated to Certificate Required.Note: With the Bastion Orchestrator feature enabled, the Gateways that are to be staged to Public Orchestrator should have the Authentication mode set to either Certificate Acquire or Certificate Required.
- Certificate Required - Gateway uses the PKI certificate.
Contact Name Enter the name of the Site Contact. Contact Email Enter the Email ID of the Site Contact. Note:- Once you have created a Gateway, you cannot modify the IP addresses.
- Release 4.3.x and 4.4.x support Greenfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.3.0, you cannot configure the upgraded Gateway with the IPv6 address.
- Release 4.5.0 supports both the Greenfield and Brownfield deployment of Gateways for IPv6. If you have upgraded a Gateway from a previous version earlier than 4.5.0, you can dynamically configure IPv6 address for the Gateway.
- IPv4/IPv6 dual-stack mode is not supported for Bastion Orchestrator configuration.
Results
What to do next
To stage the Gateway to the Bastion Orchestrator, see Stage a SD-WAN Gateway to Bastion Orchestrator.