Install Citrix SD-WAN SE VPX on Google Cloud Platform

Deploying Citrix SD-WAN SE VPX on GCP enables organizations to establish a direct and highly secure connection between branches and applications hosted on GCP. It eliminates the need to backhaul cloud-bound traffic through the data center. The key benefits of using Citrix SD-WAN on GCP are:

  • Create direct connections from every branch site to GCP.

  • Ensure an always-on connection to GCP.

  • Extend your secure perimeter to the cloud.

  • Evolve to a simple and easy to manage branch network.

Citrix SD-WAN Standard Edition for GCP logically bonds multiple network links into a single secure logical virtual path. The solution enables organizations to use a variety of connections from different service providers to get highly resilient virtual WAN paths. These virtual paths function as an overlay that seamlessly aggregates bandwidth capacity across multiple links and delivers a consistent user experience even if some of the member links go down or suffer degradation. This is enabled by the per-packet load balancing and monitoring capabilities of Citrix SD-WAN.

Summary of deployment steps

  1. Choose a region where you want to deploy the instance and create three VPCs in different subnets.

    NIC               Associated network
    NIC 0 (default)   Management subnet
    NIC 1             LAN subnet
    NIC 2             WAN subnet

    Note

    If you are creating a new management subnet, allow port 443 in its firewall rules.

  2. Create a Citrix SD-WAN SE instance and associate the interfaces with the VPCs.

  3. Create firewall rules on the WAN subnet VPC to enable ingress on UDP port 4980. The Citrix SD-WAN instance uses this port to create the virtual path.

  4. Create a route on the LAN subnet VPC to intercept all the traffic generated from the LAN.

  5. Access the Citrix SD-WAN SE VPX using the management IP address.

Create VPC networks

Create VPC networks that will be associated with the management subnet, LAN subnet, and WAN subnet. A default interface is available when you create an image, and it can be used as the management interface. Create two more VPC networks, one for the LAN subnet and one for the WAN subnet.

To create a VPC network, in the GCP console navigate to VPC network > VPC networks > Create VPC Network.

Specify the name, description, region, and subnet IP address, and create a LAN VPC network.

Similarly, create a WAN VPC network.

Note

All three VPC networks must be in the same region.

Create the Citrix SD-WAN SE VPX instance

  1. In GCP Marketplace, search for Citrix SD-WAN Standard Edition, open it, and click LAUNCH ON COMPUTE ENGINE.

  2. The required vCPUs and memory are selected by default. Select the GCP Region.

    Note

    The GCP region should be the same as the region of the VPC networks.

  3. From the Existing network1 list, select default. This is the management interface. Similarly, for Existing network2 and Existing network3, select the LAN and WAN subnets respectively. Ensure that useExNet is selected for all three networks and click Deploy.

    Note

    If you are creating a new management subnet, allow port 443 in its firewall rules.

  4. After the SD-WAN SE VPX instance is deployed, use the default user name and password provided by GCP to log in to the SD-WAN SE VPX.

Create firewall rule on WAN subnet VPC

  1. Navigate to VPC Network > VPC Networks > WAN subnet VPC. In the Firewall rules tab, click Add firewall rule.

  2. Allow ingress for all instances on UDP port 4980. This port is used by the SD-WAN instance to create an overlay network.
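
The following check is an added example, not part of the original Citrix page. It reads firewall rules in the JSON shape of `gcloud compute firewall-rules list --format=json` and confirms the two openings this guide asks for (TCP 443 on a new management VPC, UDP 4980 on the WAN VPC), reporting any other ingress allowance on those networks. The project, network and rule names are hypothetical and the sample rules are constructed.

```python
# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# Project, network and rule names are hypothetical.
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"
SAMPLE_RULES = [
    {"name": "mgmt-https", "network": NET + "sdwan-mgmt", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "wan-vpath", "network": NET + "sdwan-wan", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "udp", "ports": ["4980"]}]},
    {"name": "wan-debug", "network": NET + "sdwan-wan", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "8000-9000"]}]},
]
# Openings the guide's steps call for: TCP 443 on management, UDP 4980 on WAN.
REQUIRED = {"sdwan-mgmt": ("tcp", 443), "sdwan-wan": ("udp", 4980)}


def covers(spec, port):
    """True if a GCP port spec ("4980" or "4000-5000") includes port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def audit(rules, required=REQUIRED):
    """Return sorted findings: required openings that are missing, and
    enabled ingress allow entries that open more than the required port."""
    findings = []
    for net, (proto, port) in required.items():
        live = [r for r in rules
                if r["network"].rsplit("/", 1)[-1] == net
                and r.get("direction") == "INGRESS" and not r.get("disabled")]
        satisfied = False
        for r in live:
            for a in r.get("allowed", []):
                ports = a.get("ports")  # absent means every port of the protocol
                if a["IPProtocol"] in (proto, "all") and (
                        not ports or any(covers(p, port) for p in ports)):
                    satisfied = True
                if a["IPProtocol"] != proto or ports != [str(port)]:
                    findings.append(f"EXTRA {net}/{r['name']}: {a['IPProtocol']} {ports}")
        if not satisfied:
            findings.append(f"MISSING {net}: {proto}/{port}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RULES)) or "firewall rules match the guide")
```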

Create a route on LAN subnet VPC

Create a route on the LAN subnet VPC to intercept all the traffic generated from the LAN.

  1. Navigate to VPC Network > VPC Networks > LAN subnet VPC. In the Routes tab, click Add route.

  2. In Destination IP range, enter the LAN network of the other end. In the Next Hop field, select Specify IP address, and in Next hop IP address, specify the SD-WAN LAN interface IP.

Access the SD-WAN SE VPX instance

Use the management interface IP address to access the GUI of the SD-WAN SE VPX instance. Use the default user name and password provided by GCP to log in to the SD-WAN SE VPX.
