WAN Link Mapping

Important - If you did not to use the SD-WAN Wizard during the initial deployment, then you must configure the required settings manually.

This section describes how to configure a mapping between WAN Links and Internet Service Providers.

  1. Log in to Check Point Infinity Portal.

  2. Click the top left Menu > in the section Quantum, click SD-WAN.

  3. From the left navigation panel, click Network.

  4. In the middle section, click SD-WAN Policy.

  5. From the top toolbar, click WAN Link Mapping.

  6. Configure the WAN Links:

    1. From the top toolbar, click Manage WAN Links.

      Note - From the top toolbar, you can:

      • Create a new WAN Link

      • Delete a selected WAN Link

      • Search the WAN Links

      • Edit a selected WAN Link

    2. When you create a new WAN Link, or edit an existing WAN Link:

      1. In the Name field, enter a short name that represents this WAN Link.

        This name appears in the Steering Behavior configuration.

      2. Optional: In the Comment field, enter an applicable text that describes this WAN Link.

      3. In the Type field, select:

        • Public - This represents a general public ISP link.

          Important - You can use a WAN Link of type "Public" for the connection types "Local Breakout" and "Overlay - VPN".

        • Private - This represents a private link (for example, MPLS).

          Important - You can use a WAN Link of type "Private" only for the connection type "Overlay - VPN" (you cannot use it for the connection type "Local Breakout").

    3. Click OK.

  7. Configure the WAN Link Mapping.

    The WAN Link Mapping section shows this table (it shows only the Security Gateways that you added to profiles of type SD-WAN Profile):

    Gateway

    Name of WAN Link #1

    Name of WAN Link #2

    Name of WAN Link #...

    Name of Security Gateway Object #1

    N/A

    N/A

    N/A

    Name of Security Gateway Object #2

    N/A

    N/A

    N/A

    Name of Security Gateway Object #...

    N/A

    N/A

    N/A

    Any

    N/A

    N/A

    N/A

    You can click in the cell of the applicable WAN Link for the applicable Security Gateway and select the applicable interface on that Security Gateway. If you keep the default setting "N/A", then the SD-WAN Policy does not apply.

    The last row with the Gateway "Any" is a fallback for WAN Link Mapping - which interface to use if an administrator did not configure an interface explicitly.

    If for the Gateway row "Any" you click in the cell of the applicable WAN Link, you can:

    • In the Name field, enter a short name that represents this WAN Link.

      This name appears in the Steering Behavior configuration.

    • In the Tag field, you can enter the interface tag. This value is required only for advanced WAN Link configuration. We recommend to keep this field blank.

    Notes:

    • If a row is grayed out, and you cannot click in cells of that row, it means that the Nano-Agent on that Security Gateway is not connected to the SD-WAN service.

    • If an exclamation icon appears next to the Security Gateway name, it means there are no SD-WAN interfaces configured on this Security Gateway.

    • If an exclamation icon appears next to the interface name (in a WAN Link column), it means this interface was configured as an SD-WAN interface, but its configuration changed - it is no longer an SD-WAN interface.

  8. Click OK.

  9. From the top toolbar, click Publish to save the changes.

  10. From the top toolbar, click Enforce to apply the changes.

    The orange frame on this button means there are changes that are not enforced.

    In the popup window that opens, click Publish & Enforce Policy.