Aruba Edge User guide

Using Aruba Orchestrator - 9.1.3

January 13, 2023

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Copyright and Trademarks

©

subject to change without notice. The only warranties for Hewlett Packard Enterprise products and

services are set forth in the express warranty statements accompanying such products and services.

Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise

shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and

the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned

are the property of their respective owners. To view the end-user soware agreement, go to: Aruba EULA

Support

For product and technical support, contact support at either of the following:

1.800.943.4526 (toll-free in USA and Canada)

+1.408.941.4300

www.silver-peak.com/support

We are dedicated to continually improving our products and documentation. If you have suggestions

or feedback for our documentation, send an e-mail to sp-[email protected]om.

Aruba EdgeConnect SD-WAN Edge Platform 2

T  C

Using Aruba Orchestrator - 9.1.3 17

What’s New 18

Orchestrator 9.1.3 ......................................... 18

Zscaler GRE Tunnel Automation .............................. 18

Zscaler Supports Bandwidth Percentage in Gateway Options .............. 18

Update Now Button Added to Application Definitions .................. 18

Getting Started 19

Supported Browsers ....................................... 19

Guidelines for Creating Passwords ................................ 19

Overview of SD-WAN Prerequisites ............................... 19

Menu Options 22

Monitoring ......................................... 22

Configuration ........................................ 22

Administration ....................................... 22

Orchestrator ........................................ 22

Support ........................................... 23

Monitoring ............................................ 23

Monitoring > Summary ................................... 23

Dashboard ..................................... 23

Topology ...................................... 24

Health Map ..................................... 26

Alarms Tab ..................................... 28

Disable Alarms ............................... 29

Customize Alarms ............................. 29

Alarm Severity ............................... 29

Alarm Recipients .............................. 30

Additional Alarm Indications ....................... 30

Export Alarm Descriptions ......................... 30

List of Alarms ................................ 31

EdgeConnect Appliance Alarms ................... 31

Orchestrator Alarms ......................... 49

Monitoring > Reporting ................................... 71

Schedule and Run Reports ............................ 71

View Reports .................................... 72

Sample Report ............................... 73

Scheduled and Historical Jobs .......................... 73

Monitoring > Bandwidth .................................. 74

Overlay-Interface-Transport ............................ 74

Interface Bandwidth Trends ............................ 75

Interface Summary ................................. 76

Application Bandwidth .............................. 77

3

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Application Pie Charts ............................... 77

Application Trends ................................. 78

Top Talkers ..................................... 79

Domains ...................................... 80

Countries ...................................... 81

Ports ........................................ 82

Traic Behavior .................................. 83

Appliance Bandwidth ............................... 84

Appliance Max Bandwidth ............................. 85

Appliance Bandwidth Utilization ......................... 86

Appliance Bandwidth Trends ........................... 86

Appliance Packet Counts ............................. 86

Tunnels Bandwidth ................................ 87

Show Underlays .............................. 87

Traceroute ................................. 88

Live View .................................. 88

Tunnels Pie Charts ................................. 89

Tunnel Bandwidth Trends ............................. 90

Tunnel Packet Counts ............................... 91

DRC Bandwidth Trends .............................. 92

Dynamic Rate Control ........................... 92

Flows - Active and Recent ............................. 93

Reset or Reclassify Flows ......................... 94

Additional Information about Flows ................... 95

ECOS 9.1 Behavior Changes ..................... 95

ICMP/UDP Flows ........................... 95

TCP Non Accelerated Flows ..................... 95

TCP Accelerated Flows ........................ 95

Outbound and Inbound ....................... 96

Appliance Flow Counts .............................. 97

Appliance Flow Trends ............................... 97

Tunnel Flow Counts ................................ 98

DSCP Bandwidth .................................. 98

DSCP Pie Charts .................................. 99

DSCP Trends .................................... 100

Traic Class Bandwidth .............................. 101

Traic Class Pie Charts ............................... 102

QoS (Shaper) Trends ................................ 102

Shaper Summary ................................. 103

Boost Tab ...................................... 104

Boost Trends ................................ 105

Change Boost Configuration ........................ 105

Firewall Drops ................................... 106

Monitoring > Tunnel Health ................................ 107

Live View ...................................... 107

Loss Summary ................................... 107

Loss Trends ..................................... 108

Jitter Summary .................................. 109

Jitter Trends .................................... 110

Latency Summary ................................. 111

Latency Trends ................................... 112

Aruba EdgeConnect SD-WAN Edge Platform 4

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Out of Order Packets Summary .......................... 113

Out of Order Packets Trends ............................ 114

Mean Opinion Score (MOS) Summary ....................... 115

Mean Opinion Score (MOS) Trends ........................ 116

Tunnels Summary ................................. 117

Configuration ........................................... 118

Configuration > Overlays & Security ............................ 118

Business Intent Overlays .............................. 118

Overview .................................. 119

SD-WAN Traic to Internal Subnets .................... 119

Building SD-WAN Using These Interfaces .............. 120

Service Level Objective ........................ 120

Link Bonding Policy .......................... 120

QoS, Security, and Optimization ................... 121

Breakout Traic to Internet and Cloud Services ............. 121

Hub Versus Branch Breakout Settings ................ 121

Preferred Policy Order and Available Policies ............ 122

Break Out Locally Using These Interfaces, Available Interfaces, and

Link Selection ..................... 122

Apply Overlays ................................... 123

Interface Labels .................................. 123

Manage Labels ............................... 123

Create a Label ............................. 124

Edit a Label .............................. 125

Delete a Label ............................. 125

Hubs ........................................ 125

Deployment Profiles ................................ 126

Map Labels to Interfaces .......................... 126

LAN-side Configuration: Segments and Firewall Zones ......... 126

LAN–side Configuration: DHCP ...................... 127

WAN–side Configuration .......................... 128

A More Comprehensive Guide to Basic Deployments .......... 130

Bridge Mode ................................ 130

Router Mode ................................ 131

Server Mode ................................ 134

Deployment - EdgeConnect HA .......................... 134

Enable EdgeConnect HA Mode ...................... 135

IPSec over UDP Tunnel Configuration ................... 135

VRRP Configuration ............................ 135

LAN-side Monitoring ............................ 135

Firewall Zones ................................... 136

Internet Traic ................................... 136

IPSec Pre-Shared Key Rotation .......................... 137

Failure Handling and Orchestrator Reachability ............. 137

Schedule IPSec Key Rotation Dialog Box ................. 138

Intrusion Detection System (IDS) ......................... 138

Prerequisites ................................ 139

Enable or Disable IDS on Appliances ................... 139

Enable or Disable Rules with the IDS Allow List .............. 140

Specify Traic to Be Inspected ...................... 141

Advanced Reporting and Analytics .................... 142

Aruba EdgeConnect SD-WAN Edge Platform 5

Using Aruba Orchestrator - 9.1.3 January 13, 2023

SSL Certificates Tab ................................ 143

SSL Certificates Edit Row ............................. 144

SSL CA Certificates Tab .............................. 145

SSL CA Certificates Edit Row ............................ 145

SSL for SaaS Tab .................................. 146

SSL for SaaS Edit Row ............................... 147

Discovered Appliances ............................... 148

Preconfigure Appliances .............................. 149

Appliance Configuration Wizard .......................... 150

EC-Enterprise Licenses ............................... 153

Assign a License to an Appliance ..................... 153

EC-Metered Licenses ................................ 154

Assign a License to an Appliance ..................... 155

Bandwidth Usage Report ......................... 155

Feature License Usage Report ....................... 155

Cloud Portal .................................... 156

Configuration > Networking ................................ 156

Deployment Tab .................................. 156

Deployment Dialog Box .............................. 158

Enable EdgeConnect HA ....................... 158

LAN-side Monitoring ......................... 159

Map Labels to Interfaces ....................... 159

LAN-side Configuration: Segments and Firewall Zones ....... 160

LAN–side Configuration: DHCP .................... 160

WAN–side Configuration ....................... 161

Interfaces Tab ................................... 163

Terminology ................................ 164

Interfaces Edit Row ................................. 164

NAT ......................................... 166

NAT Rules and Pools ................................ 166

NAT Pools ............................... 167

VRRP Tab ...................................... 167

VRRP Edit Row ................................... 168

VRRP Tab Settings ............................. 168

WCCP Tab ...................................... 168

WCCP Edit Row ................................... 169

PPPoE Tab ..................................... 172

Loopback Interfaces ................................ 175

Loopback Orchestration .............................. 175

Virtual Tunnel Interfaces (VTI) ........................... 176

VTI Dialog Box ............................... 176

DHCP Server Defaults ............................... 177

DHCP Settings ............................... 177

DHCP Leases .................................... 179

DHCP Failover ................................... 179

DHCP Failover State ................................ 180

Link Aggregation .................................. 181

View Aggregation Details ......................... 181

Modify Link Aggregation .......................... 182

Add a Channel Group ......................... 182

Modify a Channel Group ....................... 183

Aruba EdgeConnect SD-WAN Edge Platform 6

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Delete a Channel Group ....................... 183

Regions ....................................... 183

Regional Routing ........................... 183

View Status .............................. 184

Edit Regions .............................. 184

Routing Segmentation ............................... 185

Segment Configuration ........................ 185

Delete a Segment ........................... 188

Management Services ............................... 189

Management Services Dialog Box ......................... 189

Inter-Segment Routing and D-NAT Exceptions .................. 190

Inter-Segment S-NAT Exceptions ......................... 191

BGP Tab ...................................... 191

BGP Information .................................. 193

Add Peer ...................................... 194

BGP Inbound and Outbound Route Redistribution Maps ............ 195

BGP ASN Global Pool ................................ 197

Routes Tab ..................................... 197

Route Maps ................................. 197

Edit or Add Routes ................................. 201

Add Routes .................................202

Import Subnets ..................................203

SD-WAN Fabric Route Redistribution Maps .................... 203

OSPF Tab ......................................204

OSPF Edit Row ...................................205

Add Interface ....................................205

OSPF Route Redistribution Maps .........................206

Multicast ......................................208

Multicast Dialog Box ................................208

Peer Priority Tab ..................................209

Peer Priority Edit Row ............................... 210

Admin Distance Tab ................................ 211

Admin Distance Edit Row ............................. 211

Management Routes Tab ............................. 211

Tunnels Tab .................................... 212

Troubleshooting .............................. 214

Use Passthrough Tunnels ......................... 214

Tunnels Edit Row .................................. 214

Use Passthrough Tunnels ......................... 215

Add a Tunnel ............................. 215

Tunnel Exception ..................................220

Schedule Auto MTU Discovery ........................... 221

Configuration > Policies .................................. 221

DNS Proxy Policies ................................. 221

Configure DNS Proxy Policies ........................... 222

Route Policies Tab ................................. 222

Priority ................................... 223

Match Criteria ............................... 223

Source or Destination ........................... 223

Wildcard-based Prefix Matching ...................... 223

Aruba EdgeConnect SD-WAN Edge Platform 7

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Route Policies Edit Row .............................. 224

Priority ................................... 224

Match Criteria ............................... 224

Source or Destination ........................... 225

Wildcard-based Prefix Matching ...................... 225

QoS Policies Tab .................................. 225

Handle and Mark DSCP Packets ...................... 226

Apply DSCP Markings to Optimized (Tunnelized) Traic ...... 226

Apply DSCP Markings to Pass-through Traic ............228

Priority ................................... 229

Match Criteria ............................... 229

Source or Destination ...........................230

Wildcard-based Prefix Matching ......................230

QoS Policies Edit Row ...............................230

Handle and Mark DSCP Packets ......................230

Apply DSCP Markings to Optimized (Tunnelized) Traic ...... 231

Apply DSCP Markings to Pass-through Traic ............ 232

Priority ...................................234

Match Criteria ............................... 234

Source or Destination ...........................234

Wildcard-based Prefix Matching ...................... 234

Schedule QoS Map Activation ........................... 235

Optimization Policies Tab ............................. 235

Priority ...................................236

Match Criteria ............................... 236

Source or Destination ...........................236

Wildcard-based Prefix Matching ...................... 237

Set Actions ................................. 237

TCP Acceleration Options .............................238

Optimization Policies Edit Row .......................... 241

Priority ................................... 241

Match Criteria ............................... 241

Source or Destination ........................... 242

Wildcard-based Prefix Matching ...................... 242

Set Actions ................................. 242

TCP Acceleration Details .......................... 244

NAT Policies Tab .................................. 246

Advanced Settings .............................248

Match Criteria ............................. 248

Source or Destination ........................ 249

Wildcard-based Prefix Matching ................... 249

Set Actions .............................. 249

Merge / Replace ............................250

NAT Policies Edit Row ...............................250

Advanced Settings ............................. 251

Match Criteria ............................. 252

Source or Destination ........................ 252

Wildcard-based Prefix Matching ................... 252

Set Actions .............................. 253

Inbound Port Forwarding ............................. 253

Aruba EdgeConnect SD-WAN Edge Platform 8

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Security Policies Tab ................................ 255

Wildcard-based Prefix Matching ......................256

Security Policies Edit Row .............................256

Wildcard-based Prefix Matching ...................... 257

Access Lists Tab .................................. 257

Match Criteria ............................... 258

Wildcard-based Prefix Matching ...................... 259

Access Lists Edit Row ................................ 259

Address Groups .................................. 259

Add an Address Group ...........................260

Add a Rule to an Address Group ...................... 261

Delete an Address Group ......................... 262

Export Address Groups ........................... 262

Import Address Groups .......................... 262

View a Single Address Group ....................... 263

Edit or Delete a Rule ............................ 263

Using Address Groups in Match Criteria ..................264

Address Group Formats ..........................264

Service Groups ................................... 265

Add a Service Group ............................ 265

Add a Rule to a Service Group ....................... 267

Delete a Service Group ........................... 267

Export Service Groups ...........................268

Import Service Groups ...........................268

View a Single Service Group ........................269

Edit or Delete a Rule ............................269

Using Service Groups in Match Criteria .................. 270

Shaper Tab ..................................... 270

SaaS Optimization Tab ............................... 273

Configure for SaaS Optimization ..................... 273

SaaS Optimization Dialog Box ........................... 273

Application Definitions .............................. 274

Application Groups Tab .............................. 275

Threshold Crossing Alerts Tab ........................... 276

ON by Default ............................. 278

OFF by Default ............................ 278

Threshold Crossing Alerts Edit Row ........................ 279

IP SLA Tab ..................................... 279

IP SLA Monitor Use Cases ......................... 279

IP SLA Edit Row ...................................286

Monitor ...................................286

Actions ................................... 287

Configuration > Templates ................................. 287

Templates Overview ................................288

Template Groups ..................................288

System Template ..................................288

Auth/Radius/TACACS+ Template ......................... 291

Authentication and Authorization ..................... 291

Appliance-based User Database ...................... 291

RADIUS ................................... 291

TACACS+ .................................. 292

Aruba EdgeConnect SD-WAN Edge Platform 9

Using Aruba Orchestrator - 9.1.3 January 13, 2023

What Is Recommended .......................... 292

Flow Export Template ............................... 292

Logging Template ................................. 292

Minimum Severity Levels ......................... 293

Configure Remote Logging ........................294

Banner Messages Template ............................294

HTTPS Certificate Template ............................ 295

User Management Template ............................ 297

Default User Accounts ........................... 297

Command Line Interface Privileges .................... 297

DNS Template ................................... 297

Date/Time Setting .................................298

Data Collection ...............................298

SNMP Template ..................................298

SNMP v1/v2 ..............................298

SNMP v3 ................................299

Trap Receivers ............................299

SSL Certificates Template .............................300

SSL CA Certificates Template ........................... 301

SSL for SaaS Template ...............................302

Tunnels Template ................................. 303

VRRP Template ...................................305

Peer Priority Template ............................... 307

Route Redistribution Maps Template .......................308

Routes Template ..................................308

BGP Template ...................................309

OSPF Template ................................... 310

Admin Distance Template ............................. 312

Access Lists Template ............................... 312

Priority ................................... 313

Match Criteria ............................... 314

Source or Destination ........................... 314

Wildcard-based Prefix Matching ...................... 314

Route Policies Template .............................. 314

Why? .................................... 315

Priority ................................... 315

Match Criteria ............................... 315

Source or Destination ........................... 316

Wildcard-based Prefix Matching ...................... 316

Set Actions Fields ............................. 316

Where the Appliance Directs Traic ................. 316

How Traic Is Managed If a Tunnel Is Down ............. 317

QoS Policies Template ............................... 317

Priority ................................... 317

Match Criteria ............................... 318

Source or Destination ........................... 318

Wildcard-based Prefix Matching ...................... 318

Handle and Mark DSCP Packets ...................... 318

Apply DSCP Markings to Optimized (Tunnelized) Traic ...... 319

Apply DSCP Markings to Pass-through Traic ............320

Aruba EdgeConnect SD-WAN Edge Platform 10

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Optimization Policies Template .......................... 322

Priority ................................... 322

Match Criteria ............................... 322

Source or Destination ........................... 322

Wildcard-based Prefix Matching ...................... 323

Set Actions Fields ............................. 323

TCP Acceleration Options ............................. 324

SaaS NAT Policies Template ............................ 327

When to NAT ................................ 327

Advanced Settings .............................328

Match Criteria ............................. 329

Source or Destination ........................ 329

Wildcard-based Prefix Matching ................... 329

Set Actions ..............................330

Merge / Replace ............................ 330

Threshold Crossing Alerts Template ........................330

ON by Default ............................. 331

OFF by Default ............................ 332

TCA Metrics ................................. 332

SaaS Optimization Template ........................... 333

TIPS ..................................... 334

Security Policies Template ............................. 334

Implicit Drop Logging ......................... 335

Template ............................... 335

Wildcard-based Prefix Matching ...................... 335

DNS Proxy Policies ................................. 336

Shaper Template .................................. 336

Dynamic Rate Control ........................... 337

Management Services Template ......................... 339

CLI Template .................................... 339

Session Management Template .......................... 339

Apply Template Groups .............................. 341

Configuration > Cloud Services .............................. 341

AWS Transit Gateway Network Manager ..................... 341

Prerequisites for AWS Transit Gateway Network Manager . . . . . 341

Orchestrator Configuration ...................... 345

Microso Azure Virtual WAN ............................349

Microso Azure Prerequisites .......................350

Orchestrator Prerequisites .........................350

Orchestrator Configuration ........................350

Verification ................................. 352

Check Point CloudGuard Connect ......................... 352

Subscription ............................. 352

Interface Labels ............................ 353

Tunnel Settings ............................ 353

LAN Subnets ............................. 353

Enabling Check Point CloudGuard Connect ............. 353

Verification .............................. 353

Import and Export Subnets ............................ 353

Microso Oice 365 ................................ 355

Aruba EdgeConnect SD-WAN Edge Platform 11

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Zscaler Internet Access .............................. 355

Configure Zscaler .............................356

Subscription .............................356

Interface Labels ............................ 357

Tunnel Settings ............................ 357

Service Edge Override ........................358

IP SLA .................................358

Country / Timezone ......................... 359

Gateway Options ........................... 359

Zscaler Association ..........................360

Pause Orchestration .........................360

Using Zscaler for Breakout Traic .....................360

Verify Zscaler Deployment ......................... 361

Service Orchestration ............................... 361

Prerequisites ................................ 361

Remote Endpoint Configuration ...................... 362

Add Endpoints One at a Time ....................362

Add Endpoints in Bulk ........................ 363

Bulk Edits ..................................363

Interface Labels .............................. 363

Tunnel Settings ...............................364

IP SLA Settings ...............................364

Pause Orchestration (Optional) ......................364

+BIO Breakout ...............................364

Remote Endpoint Association .......................365

Add Tunnel Local Identifiers to Netskope .................365

Verification .................................365

Set Up a New Service ...........................366

Deploy Cloud Hubs .................................366

Cloud Hubs in AWS ................................. 367

Create or Modify an AWS Account .....................368

Deploy a New EC-V .............................368

Remove an EC-V ..............................368

AWS Accounts ...................................368

AWS Account Configuration ............................369

Create a Policy with Required Permissions ................369

Attach Policy to the Orchestrator IAM User Account ...........369

Download Orchestrator IAM User Account Credentials ..........369

Create a Key Pair to Assign to EC-Vs ....................369

Add the AWS Account to Orchestrator ................... 370

AWS Deployment Configuration .......................... 370

Cloud Hubs in Azure ................................ 372

Create or Modify an Azure Subscription .................. 373

Deploy a New EC-V ............................. 373

Remove an EC-V .............................. 373

Azure Subscriptions ................................ 374

Add New Azure Subscription ....................... 374

Edit an Existing Azure Subscription .................... 374

Azure Subscription Configuration ......................... 374

Accept Azure Marketplace Image Terms .................. 375

Create a New App Registration ...................... 377

Aruba EdgeConnect SD-WAN Edge Platform 12

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Create a New Resource Group ....................... 377

Create a Custom Role ........................... 378

Assign the Custom Role to the Resource Group .............. 381

Add the Azure Subscription to Orchestrator ............... 381

Deployment Configuration Azure .........................382

Administration ..........................................384

Administration > General Settings .............................384

Appliance User Accounts Tab ...........................384

Appliance User Accounts Edit Row ........................385

Auth/RADIUS/TACACS+ Tab ............................386

Authentication and Authorization .....................386

RADIUS and TACACS+ ...........................386

Auth/RADIUS/TACACS+ Edit Row ......................... 387

Authentication Order ......................... 387

Authorization Information ...................... 387

Authentication and Authorization ..................... 387

RADIUS and TACACS+ ........................... 387

Date/Time Tab ...................................388

Date/Time Dialog Box ...............................389

DNS (Domain Name Servers) Tab .........................389

DNS (Domain Name Servers) Edit Row ......................390

SNMP Tab ......................................390

SNMP Overview ..............................390

Modify SNMP Configuration ........................390

SNMP v1/v2 .............................. 391

SNMP v3 ................................ 391

Trap Receivers ............................ 391

Modify SNMP Configuration ............................ 392

SNMP v1/v2 ................................. 392

SNMP v3 .................................. 392

Trap Receivers ............................... 393

Flow Export Tab ..................................394

Custom Information Elements .......................394

Flow Export Edit Row ............................... 397

Logging Tab ....................................398

Severity Levels ...............................398

Remote Logging ..............................399

Logging Edit Row ..................................399

Log Settings ................................399

Log Facilities Configuration ........................399

Remote Log Receivers ...........................399

Banners Tab ....................................400

Banners Edit Row .................................400

HTTPS Certificate Tab ...............................400

HTTPS Certificate Edit Row ............................ 401

Orchestrator Reachabililty Tab ..........................402

Custom Appliance Tags ..............................402

Administration > Soware .................................403

System Information ................................403

Soware Versions .................................408

Upgrade Appliance Soware ...........................408

Aruba EdgeConnect SD-WAN Edge Platform 13

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Appliance Configuration Backup .........................409

View Configuration History ............................ 411

Restore a Backup to an Appliance ......................... 411

Remove Appliance from Orchestrator ....................... 412

Remove Appliance from Orchestrator and Account ............... 413

Administration > Tools ................................... 413

Synchronize Appliance Configuration ....................... 413

Put the Appliance in System Bypass Mode .................... 414

Broadcast CLI Commands ............................. 415

Link Integrity Test ................................. 416

TCPPERF Version 1.4.8 ........................... 417

Disk Management ................................. 422

Erase Network Memory .............................. 423

Reboot or Shut Down an Appliance ........................ 424

Behavior During Reboot .......................... 425

Schedule an Appliance Reboot .......................... 425

Behavior During Reboot .......................... 426

Reachability Status Tab ..............................426

Active Sessions Tab ................................ 427

Orchestrator ...........................................428

Orchestrator > Orchestrator Server ............................428

Role Based Access Control .............................429

Roles ....................................429

Appliance Access ..............................430

Assign Roles and Appliance Access .................... 431

View Orchestrator Server Information ...................... 432

Restart, Reboot, or Shutdown ........................... 432

Manage Orchestrator Users ............................ 432

Add a User ................................. 433

Multi-Factor Authentication ........................ 433

Configuring Multi-Factor Authentication Through an Application . 433

Configuring Multi-Factor Authentication Through Email ......434

Using Multi-Factor Authentication .................. 435

Modify User ..................................... 435

API Key .......................................436

Remote Authentication .............................. 437

Configure a RADIUS or TACACS+ Server ..................438

Authenticate Using RADIUS or TACACS+ ...............438

Configure an OAuth Server ........................439

Prerequisites .............................439

Register Orchestrator as an App ...................439

Configure OAuth Server Properties in Orchestrator .........439

Configure a JWT Server .......................... 441

Configure a SAML Server ..........................443

SAML and Orchestrator Configuration ................443

Cloud Portal ....................................446

Audit Logs .....................................446

Orchestration Settings ............................... 447

Maintenance Mode .................................448

Set Maintenance Mode Using the Menu Available from the Appliance Tree

449

Set Maintenance Mode Using the Orchestrator Menu ..........449

Aruba EdgeConnect SD-WAN Edge Platform 14

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Tunnel Settings Tab ................................449

General Tab .................................449

IKE Tab ................................... 452

IPSec Tab .................................. 453

Orchestrator Blueprint Export ........................... 453

Brand Customization ................................454

Orchestrator > Soware & Setup .............................. 455

Upgrade Orchestrator Soware .......................... 455

Upgrade via HTTP .............................456

Upgrade via SCP ..............................456

Check for Orchestrator and Appliance Soware Updates ............456

Back Up on Demand ................................ 457

Schedule Orchestrator Backup .......................... 457

Schedule Stats Collector Backup .........................458

SMTP Server Settings ...............................460

Proxy Configuration ................................460

Orchestrator HTTPS Certificate .......................... 461

Timezone for Scheduled Jobs ...........................462

Orchestrator Advanced Properties ........................462

Change the Orchestrator Log Level ........................463

Minimum Severity Levels .........................464

IP Allow List ....................................464

Orchestrator Getting Started Wizard .......................465

Statistics Retention ................................466

Stats Collector Configuration ...........................467

Prerequisites ................................ 467

Before You Begin ..............................467

Create a Remote Stats Collector ...................468

Authenticate the Remote Stats Collector ..............468

Configure the New Stats Collector Feature ................468

Add Remote Stats Collectors .....................469

Delete a Remote Stats Collector ...................469

Associate Appliances with a Remote Stats Collector ........469

Associate Appliances with the Predefined Local Stats Collector . . 470

Enable the New Stats Collector ................... 470

Discontinue Legacy Stats Collection ................. 471

Notification Banner ................................ 471

Orchestrator > Aruba Central ................................ 471

Aruba Central Site Mapping ............................ 471

Prerequisites ................................ 472

Create Aruba Central Sites in Bulk .................. 473

Create an Aruba Central Account in Orchestrator ............. 473

Edit EdgeConnect to Aruba Central Site Mapping ............ 474

Check for Site List Updates ........................ 474

ClearPass Policy Manager ............................. 475

Manage ClearPass Policy Manager Accounts ............... 476

View ClearPass Policy Manager Accounts .............. 476

Add a ClearPass Policy Manager Server ............... 476

Edit a ClearPass Policy Manager Server ............... 477

Pause ClearPass Policy Manager Integration ............... 477

Aruba EdgeConnect SD-WAN Edge Platform 15

Using Aruba Orchestrator - 9.1.3 January 13, 2023

Support .............................................. 477

Support > Technical Assistance .............................. 477

Tech Support - Appliances ............................. 477

Tech Support - Orchestrator ............................ 478

Take Action with Files ........................... 478

Log In to the Support Portal ............................ 479

Monitor Transfer Progress ............................. 479

Packet Capture ...................................480

Upload Local Files .................................480

Create a Support Case ............................... 481

Partition Management ............................... 481

Remote Log Receivers ...............................482

HTTP Receiver Settings ........................482

HTTPS Receiver Settings .......................483

KAFKA Receiver Settings .......................483

SYSLOG Receiver Settings ......................483

WEBSOCKET Receiver Settings ....................484

WebSocket Receiver Configuration .................484

Routing Peers Table ................................485

RMA Wizard .....................................485

Run the RMA Wizard ............................486

Add a Backup Appliance .......................... 487

Upgrade and Downgrade ......................... 487

Support > User Documentation .............................. 487

Alarm Descriptions .................................487

Built-in Policies ...................................488

Support > Reporting ....................................488

Realtime Charts ..................................489

Historical Charts ..................................489

Appliance Charts ..................................490

Internal Drop Trends ................................ 491

Appliance Memory Trends .............................493

System Performance ................................494

Appliance CPU Usage ...............................495

Appliance Crash Report ..............................496

Orchestrator Debug ................................ 497

IPSec UDP Status .................................. 497

Unverified Emails .................................498

Aruba EdgeConnect SD-WAN Edge Platform 16

U A O - ..

This guide contains information about how to get started with Aruba Orchestrator and how to use

Orchestrator to manage your Aruba EdgeConnect SD-WAN Edge Platform products.

17

W’ N

This page provides a brief description and links to additional information about new features in the

recent Orchestrator release.

Orchestrator 9.1.3

The following features were introduced in Orchestrator 9.1.3:

Zscaler GRE Tunnel Automation

Orchestrator now supports GRE (in addition to IPsec) tunnel automation as the tunnel protocol for a

specified WAN interface label. For more information, see Zscaler Internet Access.

Zscaler Supports Bandwidth Percentage in Gateway Options

In addition to bandwidth control options that use fixed amounts of bandwidth and inherit bandwidth

values from parent locations, it is now possible to specify download/upload as percentages of the

deployment WAN label’s bandwidth. For more information, see Zscaler Internet Access.

Update Now Button Added to Application Definitions

An Update Now button now provides the ability to force an update of application definitions outside of

automatic updates. For more information, see Application Definitions.

18

G S

Orchestrator enables you to globally monitor performance and manage EdgeConnect (EC) appliances,

whether you are configuring a WAN Optimization network (NX, VX, or VRX appliances) or an SD-WAN

network (EC or EC-V appliances).

On this page:

•Supported Browsers

•Guidelines for Creating Passwords

•Overview of SD-WAN Prerequisites

Supported Browsers

Orchestrator and the Appliance Web user interfaces support the following browsers:

•Google Chrome (recommended)

•Microso Edge

•Mozilla Foxfire

•Opera

•Safari

We recommend that you use the latest version available for your browser.

Guidelines for Creating Passwords

•Passwords should be a minimum of eight characters.

•There should be at least one lower case letter and one upper case letter.

•There should be at least one digit.

•There should be at least one special character.

•Consecutive letters in the password should not be dictionary words.

Overview of SD-WAN Prerequisites

With Orchestrator, you create virtual network overlays to apply business intent to network segments.

Provisioning a device is managed by applying profiles.

19

Using Aruba Orchestrator - 9.1.3 January 13, 2023

•Interface Labels associate each interface with a use.

– LAN labels refer to traic type, such as VoIP,data, or replication.

– WAN labels refer to the service or connection type, such as MPLS,internet, or Verizon.

•Deployment Profiles

configure the interfaces and map the labels to them, to characterize the

appliance.

•Business Intent Overlays

use the Labels specified in Deployment Profiles to define how traic

is routed and optimized between sites. These overlays can specify preferred paths and can link

bonding policies based on

application

,

VLAN

, or

subnet

, independent of the brand and physical

routing attributes of the underlay.

This diagram shows the basic architecture and capabilities of Overlays.

Including a new appliance into the SD-WAN fabric consists of two basic steps:

1. Registration and discovery.

Aer you

Accept

the discovered appliance, the

Configuration

Wizard opens.

2. Provisioning.

Because the wizard prompts you to select profiles, it is easier to create these

ahead of time.

The following figure shows the process of installing and provisioning an appliance for SD-WAN.

Aruba EdgeConnect SD-WAN Edge Platform 20

Page is loading ...

Aruba Edge, Using Orchestrator - 9.1.3 User guide

Related papers

Other documents