Citrix SD-WAN

In-band and backup management

In-band management

Citrix SD-WAN allows you to manage the SD-WAN appliance in two ways: out-of-band management and in-band management. Out-of-band management allows you to create a management IP using a port reserved for management, which carries management traffic only. In-band management allows you to use the SD-WAN data ports for management, which carry both data and management traffic, without having to configure an additional management path.

In-band management allows virtual IP addresses to connect to management services such as the web UI and SSH. You can enable in-band management on multiple trusted interfaces that are enabled to be used for IP services. You can access the web UI and SSH using the management IP and in-band virtual IPs.

To enable in-band management on a virtual IP:

  1. In the configuration editor, navigate to Sites > Virtual IP Addresses.
  2. Select Inband Mgmt for the virtual IPs for which you want to enable in-band management.

    Note:

    The interface should be of security type Trusted, with Identity enabled.


  3. Click Apply.

For the detailed procedure on configuring a virtual IP address, see How to configure virtual IP.

Monitoring in-band management

In the preceding example, we enabled in-band management on the virtual IP 172.170.10.78. You can use this IP to access the web UI and SSH.

In the web UI, navigate to Monitoring > Firewall. The Destination IP address column shows SSH and web UI access using the virtual IP, on ports 22 and 443 respectively.


Backup management network

You can configure a virtual IP address as a backup management network. It is used as the management IP address if the management port is not configured with a default gateway.

Note:

If a site has internet service configured with a single routing domain, a trusted interface with identity enabled is selected as the backup management network by default.

To select a virtual IP as a backup management network:

  1. In the configuration editor, navigate to Sites > Virtual IP Addresses.

  2. Select a virtual IP address as a backup management network.


  3. Click Apply.

For the detailed procedure on configuring a virtual IP address, see the How to configure virtual IP address section in the Configuration topic.

Monitoring backup management

In the preceding example, we selected the virtual IP 172.170.10.78 as the backup management network. If the management IP address is not configured with a default gateway, you can use this IP to access the web UI and SSH.

In the web UI, navigate to Monitoring > Firewall. You can see this virtual IP address as the source IP address for SSH and web UI access.
