SDWAN FAQs – Self-provision / Configuration Synchronization 

FAQs

1. What is meant by self-provision?

2. What does configuration synchronization mean?

3. What licenses are required?

4. How is it ensured that self-provision is carried out at the specified location?

5. How can the use of a Branch Edge be restricted in an insecure access network (theft of equipment and subsequent installation on an unauthorized internet access)?

1. What is meant by self-provision?

Self-provision is the process whereby a device with factory settings (Branch Edge or Datacenter Edge) receives and applies its settings automatically when it is connected to the network, without any local action on the device. The device contacts CNM, identifies itself, and receives its configuration in a secure way.

2. What does configuration synchronization mean?

Configuration synchronization is the process in which devices automatically download their configuration from CNM whenever something has changed in the data model. Self-provision can be regarded as a special case of it, since it occurs the first time the device is installed after leaving the factory.

3. Which protocols are used and which is the security level in the communications?

HTTPS (SSL/TLS) is used. The CNM server is identified by a digital certificate to avoid spoofing, and information is authenticated and encrypted in both directions. Optionally, HTTP can be used if encryption is not desired or port 443 cannot be used (HTTP uses port 80).

4. How is it ensured that self-provision is carried out at the specified location?

On remote devices you need to enable Netflow on the WAN interface and configure the Netflow parameters of the server to which traffic is to be exported. Optionally, you can use Access Control Lists associated with route-maps and labels in the Netflow protocol to label different traffic categories, and enable level-7 application detection when there is a DPI license. On the server, Dashboards can optionally be generated to present information according to user preferences.

5. How can the use of a Branch Edge be restricted in an insecure access network (theft of equipment and subsequent installation on an unauthorized internet access)?

There are currently several mechanisms to avoid this case. One possibility is to detect whether a remote point has been disconnected for more than a certain time (which could mean that the remote device is being moved to another place) and to disable its connectivity to the network; in case of a false alarm, it can be reactivated by manual intervention in CNM.
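
The disconnect-timeout mechanism described above can be sketched as a small state machine. This is an added example, not CNM code: the `Controller` class, its method names, the serial numbers and the offline threshold are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Edge:
    serial: str
    last_seen: datetime
    blocked: bool = False
    reason: str = ""

class Controller:
    """Toy stand-in for the management side; not CNM's data model or API."""

    def __init__(self, max_offline: timedelta):
        self.max_offline = max_offline      # assumed threshold, set by policy
        self.edges = {}                     # serial -> Edge

    def register(self, serial: str, now: datetime) -> None:
        self.edges[serial] = Edge(serial, now)

    def _block_if_stale(self, edge: Edge, now: datetime) -> bool:
        gap = now - edge.last_seen
        if not edge.blocked and gap > self.max_offline:
            edge.blocked = True
            edge.reason = f"silent for {gap}, limit {self.max_offline}"
            return True
        return False

    def sweep(self, now: datetime) -> list:
        """Periodic job: block silent devices before they can reconnect."""
        return [e.serial for e in self.edges.values() if self._block_if_stale(e, now)]

    def check_in(self, serial: str, now: datetime) -> bool:
        """True if the device may connect and receive configuration."""
        edge = self.edges.get(serial)
        if edge is None:
            return False                    # unknown serial: never served
        self._block_if_stale(edge, now)     # catches a gap the sweep missed
        if edge.blocked:
            return False                    # last_seen is not refreshed while blocked
        edge.last_seen = now
        return True

    def manual_unblock(self, serial: str, operator: str, now: datetime) -> None:
        """False-alarm path: an operator re-enables the device."""
        edge = self.edges[serial]
        edge.blocked = False
        edge.reason = f"re-enabled by {operator}"
        edge.last_seen = now                # restart the timer, or the next check-in re-blocks
```

A blocked device stays blocked however often it retries; only the operator action clears the state, which matches the manual intervention the answer describes.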
