Options for initial configuration
You can configure the Secure SD-WAN Engine software using plug-and-play configuration, automatic configuration, or the Secure SD-WAN Configuration Wizard.
Secure SD-WAN Engine appliances come with Secure SD-WAN Engine software installed. If you have an Secure SD-WAN Engine license, you can configure the engine in any of the three Secure SD-WAN Engine roles. If you have a license for a specific type of engine (Engine/VPN or IPS), you can only use the engine in that specific role.
- Plug-and-play configuration — The Secure SD-WAN Engine appliance automatically connects to the Installation Server, downloads the
initial configuration file, then contacts the Management Server.
You must have Secure SD-WAN Engine appliances and proof-of-serial codes to use plug-and-play configuration. Plug-and-play configuration is only supported for single Secure SD-WAN Engines in the Engine/VPN role that have a dynamic control IP address.
Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the Secure SD-WAN Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662. - Automatic configuration — You can configure Secure SD-WAN Engine appliances automatically with a USB drive that contains the initial configuration files.
-
Secure SD-WAN Configuration Wizard — If it is not possible to use plug-and-play configuration or automatic configuration, or you do not want to use them, you
can use the Secure SD-WAN Configuration Wizard. You can use the Secure SD-WAN Configuration Wizard in two ways:
- Connect a serial cable to the appliance and use the Secure SD-WAN Configuration Wizard on the command line.
- Connect an Ethernet cable to the appliance and use the Secure SD-WAN Configuration Wizard in a web browser.
Before a policy can be installed on the appliance, you must configure some permanent and some temporary network settings for the engine.
To successfully complete the initial configuration:
- The SMC must be installed.
- The Secure SD-WAN Engine elements (Engine, IPS, or Layer 2 Engine elements) must be defined in the Management Client.
- Engine-specific configuration information must be available from the Management Server. The required information depends on the configuration method.
- For plug-and-play configuration, the initial configuration file for the Secure SD-WAN Engine must be uploaded to the Installation Server.
- For automatic configuration, you must have saved the initial configuration file on a USB drive.
- For the Secure SD-WAN Configuration Wizard, you must have a one-time password for the engine.
The appliance must contact the Management Server before it can be operational.