SD-WAN over HSM 5.

Why we need SD-WAN

With the continuous growth of enterprise business applications, the scale of wide-area
networks is gradually expanding. In multi-branch networking scenarios, enterprises often
deploy multiple egress security gateway devices to achieve secure interconnection and
communication between branches and headquarters.
Usually, egress gateway equipment focuses on network interconnection and security
protection. The continuous increase of equipment makes it impossible for operation and
maintenance administrators to perform unified management of equipment. In the absence of
effective centralized management methods, multiple devices are always deployed. Operation
in isolation makes it impossible for operation and maintenance managers to effectively
monitor the status of the equipment from a global perspective, and it is also impossible to
implement the entire network link management.

HSM v5.0.0
HSM v5.0.0 (Hillstone Security Management) software and hardware integrated security
management platform, for multi-branch network scenarios, can provide professional SD-
WAN controller capabilities, comprehensive use of equipment management, configuration
management, monitoring management and alarm management And other modules, to solve
the problems of low efficiency of wide-area network operation and maintenance, unintuitive
network conditions, and difficulty in link fault location, and deliver a safe, intelligent, and visual
SD-WAN solution in an integrated manner..

Deployment Topology
We use three Cloudedges to build a Hub-Spoken VPN, with dual wan links.
Configuration Instructions

Firstly, we need to import a new configuration file ZTP template to HSM from the brand new
cloudedge. Then name it cloudedge. You can modify the other select if you want and save.

Sec
Then we need to connect Hub device to the HSM manually.

After the Hub connection is stable. Edit the Hub device with local wan interface with IP
address and zone information. In the topology, there will be two WAN interfaces.
After that, click on the Link Management with add option. Select the operator and interface
and save.
At third, we click on the configuration>VPN>Star Network with new star network option.
Then we need to input the name of VPN, we also can change the proposal 1,2 and
preshared-key in advanced.
Then choose the Hub device, enable the WAN1,2 and fill in the Public IP address.
Select new model and connect WAN1 and WAN2 between Hub and Spoke.
And we should get the SNs of the spoke1,2. Add device and fulfill the below blank.
The fourth steps, select the Spoken device 1 and 2 Export the device configuration and
import to the cloudedges. You can disable and enable the hsm connection from the spoke
devices. Then you will see activing, vpn deploying. It will turn to Activated if the VPN
deployment is successed.
You can check not only the logging tab but also the monitor tab for the details of this SD-
WAN over HSM5.0.0 deployment..
At last please use the Task Management>Task Center to monitor task deployment.
.
ThenY
We also can check the Hub-Spoken deployment via CLI
One more thing:
1, Please don’t not use IP address such as 172.20.0.0/16 or 172.21.0.0/16. The sd-wan may
use these IP address for tunnel IP setting.
2. Please check the IPSec VPN license by show capacity all before the deployment. The task
may failed due to VPN license limits.
3. Please modify the clock and keep the time close between Hub-spoken and HSM.
4. For the Hub device, add IP or modify the interface configuration before the add them into
link Management. Create new vpn network at last.
5. The SD-WAN Is an increment on configuration. As long as there is no conflict, you can
keep the original configuration.
If there is any more question, please contact with TAC.