Regions, Site, and IP Groups

Administrators can group sites or IP addresses to simplify common application policies across multiple sites or network addresses, and also serve as filters for reports.

To view Regions, Site and IP Groups, navigate to Configuration > Regions, Site & IP Groups.

Regions, Site & IP Groups

Regions

Regions help to create administrative boundaries within large networks spanning hundreds to thousands of sites. If your organization has a large network spanning multiple administrative (or geographical) boundaries, you can consider creating regions to segment the network.

Currently, a maximum of 550 sites are supported per region, and each region is expected to have a Regional Control Node (RCN), which serves as the hub and controller for the region. So, you would typically consider a multi-region deployment if your network has more than 500 sites. By default, all networks are single region networks, where the Master Control Node (MCN) serves as the hub and the control node for all the sites. On adding one or more regions, the network becomes a multi-region network. The region associated with the MCN is called the default region.

A multi-region network supports a hierarchical architecture with an MCN controlling multiple RCNs. Each RCN, in turn, controls multiple branch sites. Even in a multi-region deployment, you can have the MCN double up as the direct hub node for a subset of the sites while having rest of the sites use their respective RCNs as hub nodes. The sites being managed directly by the MCN that is, the RCNs and potentially some other sites directly managed by the MCN are said to be in the default region. The default region would be the only region for a network before other regions are added.

To create a site group at region level click + Region. Provide a region name and select sites. Provide a region name and select the sites. Click Review and then Save.

Note

A customer can only have Static or Dynamic Virtual paths within a Region.

Regions

You can place sites under the region once a Region is created successfully.

Note

Dynamic virtual paths cannot be established between branches in different regions.

Custom site groups

Custom Site Groups provide users the flexibility to group sites as needed. Users can apply policies for groups of sites at once, without necessarily having to deal with each site individually. Groups can also serve as filters for dashboards, reports, or network configuration. Unlike Regions, groups can overlap in terms of sites. In other words, the same sites can be part of multiple groups.

For example, a user can create a group named Business Critical Sites to configure common policies for all your business-critical sites, and also be able to monitor their health and performance separately as a group. Some of those sites can also be a part of a Large Branch Office group, for instance.

Custom Site Groups provide a way to logically group sites together for reporting purposes. You can create custom groups and add sites to each custom group. To create a custom group click + Custom Group. Provide a group name and select or add sites. Click Review and then Save.

Custom site groups

IP groups

Users can group IP and network addresses by using IP Groups. These groups can be used in configuration and policies as needed, without necessarily having to key in individual IP addresses each time.

You can create IP groups and add sites to each IP group. Network objects can be grouped based on the IP address. To create an IP group, select IP Groups and click + IP Group. Provide a group name. Click + IP Address and enter IP addresses to be added to the IP group.

IP groups

Regions, Site, and IP Groups