WAN Link Mapping

Important - If you did not use the SD-WAN Wizard during the initial deployment, then you must configure the required settings manually.

This section describes how to configure a mapping between WAN Links and Internet Service Providers.

1. Log in to Check Point Infinity Portal.

2. Click the top left Menu > in the section Quantum, click SD-WAN.

3. From the left navigation panel, click Network.

4. In the middle section, click WAN Link Mapping.

5. Configure the WAN Links:

   1. From the top toolbar, click Manage WAN Links.

      Notes: From the top toolbar, you can: Create a new WAN Link Delete a selected WAN Link Search the WAN Links Edit a selected WAN Link If you hover over an existing WAN Link, the tooltip shows the Steering Behavior objects that use this WAN Link.

   2. To create a new WAN Link, click (New) and select the type:

      Note - You cannot change the WAN Link type after you selected it.

      • Public - This represents a general public ISP link.

        Important - You can use a WAN Link of type "Public" for the connection types "Local Breakout" and "Overlay".

      • Private - This represents a private link (for example, MPLS).

        Important - You can use a WAN Link of type "Private" only for the connection type "Overlay" (you cannot use it for the connection type "Local Breakout").

   3. In the Name field, enter a short name that represents this WAN Link.

      This name appears in the Steering Behavior configuration.

   4. Optional: In the Comment field, enter an applicable text that describes this WAN Link.

   5. Click OK.

6. Configure the WAN Link Mapping.

   The WAN Link Mapping page shows this table:

   #	Gateways	Name of WAN Link #1	Name of WAN Link #2	Name of WAN Link #...	Comment
   1	Name of Security Gateway Object #1
   2	Name of Security Gateway Object #2
   3	Name of Security Gateway Object #...
   ...	Any

   Notes: The column "Gateways" shows only the Security Gateways that you added to profiles of type SD-WAN Profile. In the column "Gateways", in the same cell you can select (group) Security Gateways that need the same WAN Link Mapping settings (for example, total bandwidth). By default, all cells are empty in the WAN Link columns. This means the SD-WAN Policy does not apply to the WAN Link. In the column "Gateways", you can hover on the Security Gateway object to see the summary of the WAN Link Mapping configuration. The last row with the object "Any" in the column "Gateways" is a fallback for WAN Link Mapping - which interface to use if an administrator did not configure WAN Link Mapping explicitly. This row automatically applies to all Security Gateways that are not configured explicitly in this table. If the icon appears in the column "#", it means another administrator is currently making changes in that row. Hover over the lock icon to see the name of that administrator. The lock disappears after that administrator clicks Publish and Enforce. If the icon appears in the column "#", it means you made changes in that row, but did not click Publish and Enforce yet. If the appears in the column "#", it means there is a major error with the Security Gateway. If the icon appears next to the Security Gateway name in the column "Gateways", it means either the Nano-Agent on that Security Gateway is not connected to the SD-WAN service, or that Security Gateway does not have an Access Control policy installed. If the icon appears next to the interface name in a WAN Link column, it means such an interface name does not exist on any of the Security Gateways in this table. If the icon appears next to the tag in a WAN Link column, it means such an interface tag does not exist on any of the Security Gateways in this table. If the icon appears next to the tag in a WAN Link column, it means this interface tag is already mapped to another WAN Link. If the red oval frame with the icon appears around an object, it means this object is no longer available - an administrator deleted this object on the Management Server, which updated Infinity Portal. By design, Infinity Portal does not delete such objects from your configuration. You must manually change all places that contain this deleted object.

   Follow these steps in the applicable row:

   1. To add a new row, from the top toolbar click New.

      The new row appears at the top of the table.

   2. In the column "Gateways", click "(+)".

      Note - To remove an object from this column, hover over it and click "x".

   3. Select the applicable Security Gateway / Cluster objects.

   4. Click OK.

   5. In the applicable column "<Name of WAN Link>", click (+).

      The WAN Link Mapping Rule window opens.

   6. In the section Interface Mapping, configure how to match traffic to an interface - only by the name, only by the tag, or both:

      • Select By name and select either one of the existing names, or Other (Custom) and enter the required interface name.

      • Select By tag and select either one of the existing tags, or Other (Custom) and enter the required interface tag.

        Note - Administrators configure these tags on the Security Gateway, in the interface properties.

        • For on-premises Management Server, see Step 3 - Configuration on Security Gateways > "Part 2 - Configuration of SD-WAN interfaces on the Security Gateway".

        • For Smart-1 Cloud, see Step 3 - Configuration on Security Gateways > "Part 2 - Configuration of SD-WAN interfaces on the Security Gateway"

   7. In the section Bandwidth, configure the total bandwidth for the interface - upload and download.

      Important:

      • For more information about QoS, see EA Feature: QoS in SD-WAN.

      • Make sure to enter the values that match the ISP bandwidth.

      • If you configure bandwidth values in the interface settings in the Gaia OS on the Security Gateway, then those local values override the values in WAN Link Mapping.

   8. In the section QoS, configure the required bandwidth limits for the interface - upload and download.

      In the field Default QoS Action, select the required QoS object.

      After you select a QoS object, you hover over it to see its settings.

      For more information about QoS, see EA Feature: QoS in SD-WAN.

   9. In the column "Comment", click in the cell, enter the applicable text, and press the Enter key.

      If this table contains many WAN Links, use the horizontal scrollbar below this table.

7. From the top toolbar, click Publish to save the changes.

8. From the top toolbar, click Enforce to apply the changes.

   The orange frame on this button means there are changes that are not enforced.

   

   In the popup window that opens, click Publish & Enforce Policy.