Citrix SD-WAN

Connecting the client appliances to your network

For an initial deployment, or if you are adding client nodes to an existing SD-WAN, the next step is for the branch site administrators to connect the client appliances to the network at their respective branch sites. This is in preparation for uploading and activating the appropriate SD-WAN appliance packages to the clients. Connect each branch site administrator to initiate and coordinate these procedures.

To connect the site appliances to the SD-WAN, site administrators should do the following:

  1. If you have not already done so, set up the client appliances.

    For each appliance you want to add to your SD-WAN, do the following:

    1. Set up the SD-WAN appliance hardware and any SD-WAN VPX virtual appliances (SD-WAN VPX-SE) you are deploying.
    2. Set the Management IP Address for the appliance and verify the connection.
    3. Set the date and time on the appliance. Set the console session timeout threshold to a high or the maximum value.
    4. Upload and install the software license file on the appliance.
  2. Connect the appliance to the branch site LAN. Connect one end of an Ethernet cable to a port configured for LAN on the SD-WAN appliance. Then connect other end of the cable to the LAN switch.

  3. Connect the appliance to the WAN. Connect one end of an Ethernet cable to a port configured for WAN on the SD-WAN appliance. Then connect the other end of the cable to the WAN router.

The next step is for the branch site administrators to install and activate the appropriate SD-WAN appliance package on their respective clients.

Accessing the shell command

From SD-WAN 11.4.1 release onwards, Admin account users can run the shell command from the SD-WAN CLI console directly, without being prompted for the login credentials of the CBVWSSH static account. This feature enhances the security of your SD-WAN appliances as it removes the hard coded password of the CBVWSSH account and replaces it using a more secure method. To run the shell command, login to the SD-WAN CLI console and type shell.

Note

  • This functionality is supported only for Admin account users. It is not supported for Network administrators, Security administrators, or Viewer account users.
  • This functionality is meant for troubleshooting purposes only. Any system-specific changes that are made through the shell command are supervised by Citrix.

Upgrade

When you upgrade your SD-WAN appliance to the 11.4.1 version, the password of the default admin account gets synchronized with the CBVWSSH account. This synchronization between the CBVWSSH account and the default admin account happens every time you edit/update the admin account.

Downgrade

When you downgrade your SD-WAN appliance from 11.4.1 to an older version, you get an option to and reset the password of the default admin account. However, the new password does not get synchronized to the CBVWSSH account. Therefore, to be able to access the shell command even after a downgrade, it is mandatory to remember the current password before downgrading your appliance.

Connecting the client appliances to your network