Create Single Engine elements

Create a Single Engine element for each Secure SD-WAN engine that you deploy in the AWS cloud.

1. In the Management Client component of the SMC, add a Single Engine element.
2. From the Location drop-down list on the General pane, select the Location element for elements outside of the local network of the SMC servers.
   In the example configuration, the "internet" Location element is used.
3. Add a layer 3 physical interface and configure it as the primary control interface.
   1. To add a layer 3 physical interface, select Add > Layer 3 Physical Interface.
   2. To add a dynamic IP address to the interface, select Add > IPv4 Address.
   3. From the IP address type drop-down list, select Dynamic.
   4. From the Dynamic Index drop-down list, select First DCHP Interface.
   5. In the Interface Options, select Interface ID 0 as the primary control interface.
      The Node-Initiated Contact to Management Server option is automatically selected when the control IP address is dynamic. When the option is selected, the engine opens a connection to the Management Server and maintains connectivity.
4. (Optional) Add more physical interfaces and IPv4 addresses according to your environment.
5. If the SMC is located outside of the VPC where the Secure SD-WAN Engine is deployed, add a route to the Management Server on the Routing pane in one of the following ways:
   • Add a static route through Interface 0 to the IP address of the Management Server.
     Note: The routing configuration in the SMC must be the same as the routing configuration in AWS.
   • Add a default route through Interface 0 to the Internet through Interface 0.
6. Add more routes and configure other settings according to your environment, then click Save to save and validate changes.
7. Install a license for the Secure SD-WAN engine and bind the license to the Single Engine element.
   Note: When you use the Bring Your own License image, you must install a license for the engine in the SMC.
8. Save the initial configuration.
   1. Right-click the engine, then select Configuration > Save initial Configuration.
      
      
      
   2. Next to the Initial Security Policy field, click Select and select a policy for the engine.
   3. Select Enable SSH Daemon.
   4. Keep the Save or Upload Initial Configuration dialog box open.
      This dialog box shows the one-time password that you enter when you establish contact between the Secure SD-WAN Engine and the Management Server.