EA Feature: SD-WAN with a Traditional VSX Virtual System

This section describes SD-WAN features in the Early Availability stage.

Important - To get these features, you must install the R82 Early Availability packages on the SD-WAN Security Gateway.

See the "Downloads" section in sk180605.

For information about the Traditional VSX mode, see the VSX Administration Guide for your version.

Limitations:

  • SD-WAN Profile supports only Layer 3 Virtual Systems (Virtual Routers, Virtual Switches, and Virtual Systems in the Bridge Mode are not supported)

  • Each Virtual System supports only one Default Gateway.

  • SD-WAN Policy does not support VSX Cluster objects.

Follow Step 3 - Configuration on Security Gateways with these changes:

  • Part 2 - Configuration of SD-WAN interfaces on the Security Gateway >

    Procedure for a Security Gateway that runs Gaia OS

    1. Configure the required interface settings in SmartConsole in the object of applicable Virtual System and click OK to push the VSX configuration.

    2. Install the applicable Access Control policy on the Virtual System object.

    3. Configure the applicable interfaces in the applicable Virtual System:

      1. Connect to the command line on the VSX Gateway / each VSX Cluster Member.

      2. Log in to Gaia Clish.

      3. Get the ID of each configured Virtual System:

        show virtual-systems

      4. Go to the context of the applicable Virtual System:

        set virtual-system <ID>

      5. Configure the SD-WAN settings on the applicable interfaces.

  • Part 3 - Installation of the SD-WAN Nano-Agent on the Security Gateway >

    Procedure for a Security Gateway that runs Gaia OS

    You must install the SD-WAN Nano-Agent on each applicable Virtual System:

    1. Get the Authentication Token you copied earlier from your Quantum Profile in Infinity Portal.

    2. Connect to the command line on the VSX Gateway / VSX Cluster Member.

    3. Log in.

    4. If your default shell is Gaia Clish, go to the Expert mode:

      expert

    5. Get the ID of each configured Virtual System:

      vsx stat -l

    6. Install the SD-WAN Nano-Agent on each applicable Virtual System:

      nano-egg --install --token <Authentication Token you copied earlier from your Quantum Profile> --vs_id <ID>

    7. Examine the status of the required Nano-Services in each applicable Virtual System:

      cpnano -vs <ID> -s

      The section "Service settings" in the output must show "Status: Running" for these services:

      • Check Point Orchestration Nano Service

      • Check Point Messaging Proxy Nano Service

      • Check Point SDWan Nano Service

      • Check Point Cpview Metric Provider Nano Service

      • Check Point SD-WAN Logger Nano Service

    8. In Infinity Portal > Quantum SD-WAN, navigate to the Network view > Agents page.

      This page must show each connected Virtual System.

Notes:

  • Do not install the SD-WAN Nano-Agent in the context of the VSX Gateway / VSX Cluster Member (VS0).

  • Infinity Portal > Quantum SD-WAN shows:

    • The Network view > Agents page shows only Virtual System objects (does not show the object of the VSX Gateway / VSX Cluster / VSX Cluster Members).

    • The Network view > SD-WAN Policy page > the "WAN Link Mapping" section shows only the VSX Gateway object or the VSX Cluster object (not each VSX Cluster Member).