Options for initial configuration

You can configure the Secure SD-WAN Engine software using plug-and-play configuration, automatic configuration, or the Secure SD-WAN Configuration Wizard.

Secure SD-WAN Engine appliances come with Secure SD-WAN Engine software installed. If you have an Secure SD-WAN Engine license, you can configure the engine in any of the three Secure SD-WAN Engine roles. If you have a license for a specific type of engine (Engine/VPN or IPS), you can only use the engine in that specific role.

There are three ways to configure the Secure SD-WAN Engine software.
  • Plug-and-play configuration — The Secure SD-WAN Engine appliance automatically connects to the Installation Server, downloads the initial configuration file, then contacts the Management Server.

    You must have Secure SD-WAN Engine appliances and proof-of-serial codes to use plug-and-play configuration. Plug-and-play configuration is only supported for single Secure SD-WAN Engines in the Engine/VPN role that have a dynamic control IP address.

    Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the Secure SD-WAN Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
  • Automatic configuration — You can configure Secure SD-WAN Engine appliances automatically with a USB drive that contains the initial configuration files.
  • Secure SD-WAN Configuration Wizard — If it is not possible to use plug-and-play configuration or automatic configuration, or you do not want to use them, you can use the Secure SD-WAN Configuration Wizard. You can use the Secure SD-WAN Configuration Wizard in two ways:
    • Connect a serial cable to the appliance and use the Secure SD-WAN Configuration Wizard on the command line.
    • Connect an Ethernet cable to the appliance and use the Secure SD-WAN Configuration Wizard in a web browser.

Before a policy can be installed on the appliance, you must configure some permanent and some temporary network settings for the engine.

To successfully complete the initial configuration:

  1. The SMC must be installed.
  2. The Secure SD-WAN Engine elements (Engine, IPS, or Layer 2 Engine elements) must be defined in the Management Client.
  3. Engine-specific configuration information must be available from the Management Server. The required information depends on the configuration method.
    • For plug-and-play configuration, the initial configuration file for the Secure SD-WAN Engine must be uploaded to the Installation Server.
    • For automatic configuration, you must have saved the initial configuration file on a USB drive.
    • For the Secure SD-WAN Configuration Wizard, you must have a one-time password for the engine.

The appliance must contact the Management Server before it can be operational.