Citrix SD-WAN

Manual Secure Peering initiated from PE appliance at DC site to Branch Standalone SD-WAN SE and WANOP Appliance

  • PE DC appliance is in LISTEN ON mode (on port 443).
  • Branch PE appliance is in CONNECT-TO mode.
  • LISTEN-ON IP for PE is in the interface IP associated to the routing domain for which “Redirect to WANOP” is enabled.
  • Manually upload CA and Cert Key pair certificates obtained from authentic source of certificate authority.
  1. Upload CA Certificate and CA Key Certificate obtained from authentic certificate and provide to SD-WAN as shown below. localized image localized image

  2. On a new PE (Premium Edition) appliance at the DC site, in the SD-WAN web GUI, go to Configuration > Secure Acceleration > Secure Peering. localized image

  3. Enable the keystore by providing the keystore password or disable the keystore. localized image localized image

  4. Enable secure peering by selecting CA Certificate radio button and providing uploaded CA and CA Key pair certificates appropriately as shown below. localized image

  5. Provide Remote machine’s Virtual IP along with Port 443 as shown below. localized image localized image

Monitoring

  1. View Secure Partner Information on the Premium (Enterprise) Edition appliance under Monitoring > WAN Optimization > Partners page. localized image

  2. On partner appliance, View Secure Partner Information on the Premium (Enterprise) Edition appliance under Monitoring > Partners > Secure Partners page. localized image

Troubleshooting

  1. View Secure Partner Success / Failure Information on the Premium (Enterprise) Edition Appliance under Monitoring > WAN Optimization > Partners > Secure Partners page. localized image

  2. On partner appliance, view Secure Partner Information on the Premium (Enterprise) Edition appliance under Monitoring > Appliance Performance > Logging page.

localized image

Manual Secure Peering initiated from PE appliance at DC site to Branch Standalone SD-WAN SE and WANOP Appliance