Select additional options for Virtual Engine interfaces
In the Virtual Engine's interface options, you can select which IP addresses are used in particular roles.
Interface Options can only be configured for Virtual Engines. All communication between Virtual Engines and the SMC is proxied by the Master Engine. Virtual Engines do not have any interfaces for system communication.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Right-click an Secure SD-WAN Engine, then select Edit <element type>.
- Browse to .
- Configure the settings.
Next steps
- Add loopback IP addresses for the Virtual Engine.
- If you are configuring a new Virtual Engine, click Save, close the Engine Editor, then add routes for the Master Engine.
- Otherwise, click Save and Refresh to transfer the configuration changes.
Engine Editor > Interfaces > Interface Options
Use this branch to define which IP addresses are used in particular roles in the Secure SD-WAN Engine's system communications.
Option | Definition |
---|---|
Control Interface
(Not Virtual Engines) |
Note: We recommend that you do not use the IP address of an Aggregated Link interface as the primary or secondary control IP address of the Engine.
|
Node-Initiated Contact to Management Server | When selected, the Secure SD-WAN Engine opens a connection to the Management Server and maintains connectivity. This option is always
used with a dynamic control IP address, so it is always selected if the control IP address is dynamic. If the connection is not open when you command the Secure SD-WAN Engine through the Management Client, the command is left pending until the Secure SD-WAN
Engine opens the connection again. Note: This option is not supported for IPS Clusters, Layer 2 Engine Clusters, or Virtual Secure SD-WAN Engines.
|
Heartbeat Interface
(Clusters and Master Engines only) |
On Master Engines, you cannot use shared interfaces as a heartbeat interface. |
IPv4 Identity for Authentication Requests or IPv6 Identity for Authentication Requests |
The IPv4 address or IPv6 address of the selected interface is used when an Secure SD-WAN Engine contacts an external authentication server. This option does not affect the routing of the connection with the authentication server. The IP address is used only as a parameter inside the authentication request payload to give a name to the request sender. |
IPv4 Source for Authentication Requests or IPv6 Source for Authentication Requests | By default, specifies the source IPv4 address or IPv6 address for authentication requests according to routing. If the authentication requests are sent to an external authentication server over VPN, select an interface with a Node Dedicated IP address that you want to use for the authentication requests. |
Default IP Address for Outgoing Traffic | Specifies the IP address that the Secure SD-WAN Engine uses to initiate connections (such as for system communications and ping) through an interface that has no Node Dedicated IP Address. In clusters, you must select an interface that has an IP address defined for all nodes. |