Citrix SD-WAN

Configure Virtual WAN Service

The Citrix SD-WAN configuration describes and defines the topology of your Citrix SD-WAN network. Before you can deploy an SD-WAN network, you must define the Virtual WAN configuration. To do this, use Configuration Editor in the Citrix SD-WAN Management Web Interface on the MCN appliance.

Security and encryption

Enabling encryption for SD-WAN (for the Virtual Paths) is optional. Instructions for configuring this feature are provided in the section, Enabling and Configuring Virtual WAN Security and Encryption (Optional)

When encryption is enabled, SD-WAN uses the Advanced Encryption Standard (AES) to secure traffic across the Virtual Path. Both AES 128 bit and 256 bit ciphers (key sizes) are supported by the SD-WAN Appliances, and are configurable options. You can select, enable, and configure these and the other encryption options by using the Configuration Editor in the Management Web Interface on the Management Control Node (MCN). You must have administrative access on the MCN to modify the configuration, and to distribute your changes across the SD-WAN network. Once the MCN is secured, the encryption settings and their distribution are also secure.

Authentication between sites functions with the Virtual WAN Configuration. The network configuration has a secret key for each site. For each Virtual Path, the network configuration generates a key by combining the secret keys from the sites at each end of the Virtual Path. The initial key exchange that occurs after a Virtual Path is first set up, is dependent upon the ability to encrypt and decrypt packets with that combined key.

Enabling virtual WAN service

If this is an initial installation and configuration, as a final step you need to manually enable the Virtual WAN Service on each SD-WAN appliance in your network. Enabling the service enables and starts the Virtual WAN daemon.

Note

If you are reconfiguring an existing deployment, the MCN automatically enables the service when it distributes the updated Appliance Packages to the client sites. In this case, you can skip this final step.

To manually enable the Virtual WAN Service on an appliance, do the following:

  1. Log into the Management Web Interface on the appliance you want to activate.

  2. Select Configuration tab.

  3. In the navigation pane, open the Virtual WAN branch and select Enable/Disable/Purge Flows.

    If the Virtual WAN Service is disabled, this displays the Enable Virtual WAN Service page, as shown below. If the service is already enabled, this displays the Enable/Disable/Purge Flows page.

    localized image

  4. Click Enable. This enables the service, and displays the Enable/Disable/Purge Flows page.

    localized image

When the Virtual WAN Service is enabled,a status message to that effect displays in the top section of the page.

Note

This page also presents options for enabling/disabling specific paths and Virtual Paths in your network, as well as an option to purge all flows.

This completes the installation and activation of the SD-WAN on the MCN and branch site client appliances. You can now use the Monitoring pages to verify the activation and diagnose any existing or potential configuration issues.

Configure Virtual WAN Service