Product Documentation

Global settings

Global Settings are network-wide settings, applicable to all the sites.

To configure global setting, navigate to Configuration > Global Settings. Select Security, WAN Path Settings, or Certificates as needed.

localized image

You can configure the following global settings:

  • Security: Select the encryption mechanism to be used across the network.

    localized image

  • WAN Path Settings: Currently, the following two settings are exposed:

    • Rules to automate the creation of paths between compatible WAN links.
    • Global defaults for Dynamic Virtual Paths

    These settings are inherited by all WAN links in the customer network.

    • WAN link auto-path settings

      WAN link auto-path rules are used for auto-path creation between compatible WAN links. You can override these rules under Site Configuration and Virtual Paths, wherein you can select or unselect individual member paths for a given virtual path.

    • Default auto-path rules

      Default auto-path rules are intended at automating the creation of paths between

      • any two internet links
      • any two MPLS links that share the same service provider, and
      • any two Private Intranet links that share the same service provider
    • Custom auto-path rules

      Custom auto-path rules enable private intranet or MPLS links to automatically create paths with other Private Intranet or MPLS links across varying service providers.

      For example, consider this scenario - A company has offices in the US and India. The US offices use AT&T MPLS links, while the India offices use Airtel MPLS links. Let’s say AT&T and Airtel MPLS links are compatible in terms of DSCP tags and related parameters and are amenable for the creation of paths with each other. Custom auto-path rules allow you to select an ISP pair (for example ATT – Airtel in this case) and enable auto-creation of paths among the links belonging to these ISPs.

      localized image

    • Dynamic virtual path settings

      The global dynamic virtual path settings allow admins to configure dynamic virtual path defaults across the network.

      A dynamic virtual is instantiated dynamically between two sites to enable direct communication between them, without any intermediate SD-WAN node hops. Similarly, the dynamic virtual path connection is removed dynamically too. Both the creation and removal of dynamic virtual paths are triggered based on bandwidth thresholds and time settings as described following.

      Here are some of the settings supported:

      • Provision to enable or disable dynamic virtual paths across the network
      • The route cost for dynamic virtual paths
      • The QoS Profile to be used – Standard by default.
      • Dynamic Virtual Path Creation Criteria:

        • Measurement interval (seconds): The amount of time (in seconds) over which the packet count and bandwidth will be measured to determine if dynamic virtual path needs to be created between two sites – in this case, between a given Branch and the Control Node.
        • Throughput threshold (kbps): The threshold, in kbps, of total throughput between two sites, measured over the Measurement interval, at which Dynamic Virtual Path will be triggered. In this case the threshold applies to the Control Node.
        • Throughput threshold (pps) - The threshold (in packets per second) of total throughput between two sites, measured over the Measurement interval, at which Dynamic Virtual Path will be triggered.
      • Dynamic Virtual Path Removal Criteria:

        • Measurement interval (minutes): The amount of time (in minutes) over which the packet count and bandwidth will be measured to determine if a Dynamic Virtual Path needs to be removed between two sites – in this case, between a given Branch and the Control Node.
        • Throughput threshold (kbps) - The threshold (in kbps) of total throughput between two sites, measured over the Measurement interval, at which Dynamic Virtual Path will be removed.
        • Throughput threshold (pps) - The threshold, (in packets per second) of total throughput between two sites, measured over the Measurement interval, at which Dynamic Virtual Path will be removed.
      • Timers

        • Wait time to flush dead virtual paths (m): The time, in minutes, after which a DEAD Dynamic Virtual Path will be removed.
        • Hold time before the recreation of dead virtual paths (m): The time, in minutes, after which a Dynamic Virtual Path removed for being DEAD can be recreated.

      localized image

  • Certificates

    Identity Certificates are used to sign or encrypt data to validate the contents of a message and the identity of the sender. Trusted certificates are used to verify message signatures. NetScaler SD-WAN appliances accept both Identity Certificates and Trusted Certificates. Administrators can manage certificates in the Configuration Editor.

    To add certificate click the + Add Certificate option.

    localized image

    • Identity Certificates: Identity certificates require that the certificate’s private key be available to the signer. Identity Certificates or their certificate chains must be trusted by a peer to validate the contents and identity of the sender. The configured Identity Certificates and their respective Fingerprints are displayed in the Configuration Editor.

    • Trusted Certificates: Trusted Certificates are self-signed, intermediate certificate authority (CA) or root CA certificates used to validate the identity of a peer. No private key is required for a Trusted Certificate. The configured Trusted Certificates and their respective Fingerprints are listed here.

    localized image

Global settings

In this article