Citrix SD-WAN

Enable and Configure Virtual WAN Security and Encryption (Optional)

To enable and configure Virtual WAN security and encryption, do the following:

Note

Enabling Virtual WAN security and encryption is optional.

  1. Navigate to the Basic tab in the Configuration Editor, Select Global from View mode. The Virtual Network Settings configuration form is displayed.

    localized image

  2. Click Edit (pencil icon) to enable editing for the form.

    localized image

  3. Enter your global security settings. The options are as follows:

    • Network Encryption Mode – This is the encryption algorithm used for encrypted paths. Select one of the following from the drop-down menu: AES 128 Bits or AES 256 Bits.

    • Enable Encryption Key Rotation: When enabled, encryption keys are rotated at intervals of 10–15 minutes.

    • Enable Extended Packet Encryption Header: When enabled, a 16 bytes encrypted counter is prepended to encrypted traffic to serve as an initialization vector, and randomize packet encryption.

    • Enable Extended Packet Authentication Trailer: When enabled, an authentication code is appended to the contents of the encrypted traffic to verify that the message is delivered unaltered.

    • Extended Packet Authentication Trailer Type: This is the type of trailer used to validate packet contents. Select one of the following from the drop-down menu: 32-Bit Checksum or SHA-256.

  4. Click Apply to apply your settings to the configuration.

This completes the configuration of the MCN site. The next step is to name and save the new MCN site configuration (optional, but recommended), as described in the following section.

Warning

If your console session times out or you log out of the Management Web Interface before saving your configuration, any unsaved configuration changes are lost. You must then log back into the system, and repeat the configuration procedure from the beginning. For that reason, it is recommended that you save the configuration package often, or at key points in the configuration.

Enable and Configure Virtual WAN Security and Encryption (Optional)

In this article