Link Search Menu Expand Document
calendar_month 25-Nov-24

Configuring Single Gateways

The following section of this guide will illustrate the steps for upgrading and configuring both individual gateway deployments and redundant gateway deployments using the configuration wizard. After completing the onboarding process, the guide will also provide instructions for configuring WAN HA and VRRP for redundant gateway deployments.

Table of contents

Upgrade Gateways

Step 1 Click the Appliances Discovered button.

Step 2 Click the Approve button for the Boise gateway appliance.

Step 3 Click the software version and change it to the desired version. This example uses: 9.2.2.0_94322

Step 4 Repeat this process for the remaining gateways.

2023-03-02_15-59-36

Setup Gateway Appliance

The following process will walk through all 5 of the configuration wizard steps.

Step 1 Click Approve on the Non redundant gateway appliance.

Step 2 Click Skip

Step 3 For the first step of the appliance enter in the following information for the Boise-Branch.

InputBoise-BranchPortland-BranchChicago-Branch
ApplianceBOIBR-ECE-1PORBR-ECE-1CHIBR-ECE-1/CHIBR-ECE-2
Admin Password< Password>< Password>< Password>
GroupBranchBranchBranch
Site NameBoise-BranchPortland-BranchChicago-Branch
Contact NameAruba TMEAruba TMEAruba TME
Contact Email< Company Email>< Company Email>< Company Email>
Address12601 W Explorer Dr308 SW 2nd Ave #700303 E Wacker Dr Suite 2700
CityBosiePortlandChicago
StateIdahoOregonIllinois
Zip Code837139720460601

Step 4 Click Next 2023-03-02_18-20-04

Step 5 Click the Deployment profile drop down menu. Select the MPLS + Internet Branch profile.

Note: The Chicago branches will use the Internet Only branch profile for CHIBR-ECE-1 and the MPLS Only Branch profile for CHIBR-ECE-2.

Step 6 Enter the IP and mask for each of the VLAN’s using the following table:

VLAN IDDescriptionBOIBR-ECE-1 IP AddressPORBR-ECE-1 IP AddressCHIBR-ECE-1 IP AddressCHIBR-ECE-2 IP Address
100MGMT VLAN10.14.48.1/2410.14.40.1/2410.14.32.2/2410.14.32.3/24
101Employee10.14.49.1/2410.14.41.1/2410.14.33.3/2410.14.33.3/24
102Camera10.14.50.1/2410.14.42.1/2410.14.34.3/2410.14.34.3/24
103IOT10.14.51.1/2410.14.43.1/2410.14.35.3/2410.14.35.3/24
104Guest10.14.52.1/2410.14.44.1/2410.14.36.3/2410.14.36.3/24
105Reject10.14.53.1/2410.14.45.1/2410.14.37.3/2410.14.37.3/24
106Critical10.14.54.1/2410.14.46.1/2410.14.38.3/2410.14.38.3/24
107Quarantine10.14.55.1/2410.14.47.1/2410.14.39.3/2410.14.39.3/24

Step 7 On the Critical Auth VLAN select the DHCP Server button.

Step 8 Use the Following settings to configure the DHCP server. Use the relevant IP subnet for the other branches.

  • Subnet/Mask: 10.14.54.0/24

  • Start IP: 10.14.54.10

  • End IP: 10.14.54.254

  • Default Lease: 8

  • Gateway IP: 10.14.54.1

  • DNS Server: 8.8.8.8, 8.8.4.4

2023-04-04_22-58-30

Step 9 Configure the WAN1 for the Bosie-Branch, enter the following for the:

 Boise-BranchPortland-BranchChicago-Branch
IP/Mask:100.100.7.66/29100.100.7.58/29100.100.7.50/29
Next Hop:100.100.7.65100.100.7.57100.100.7.49

Step 10 Click the Calc button to set the license.

Step 11 Click Next.

2023-04-04_23-23-17

Step 12 Click Next.

Note: The Loopback interface will be configured automatically by Loopback Orchestration.

2023-04-04_23-25-38

Step 13 Configure a summary route for the Branch network. Click Add

Step 14 Enter Summary Address for branch: 10.14.48.0/21

Step 15 Click Next

Step 16 Verify the BIO overlays configured in the Initial setup.

Step 17 Click Next

Step 18 Click Apply

Step 19 Repeat Steps 1-18 for the other branch gateways.

2023-03-09_12-43-00

Step 20 Verify tunnels are up, Navigate to Configuration> Tunnels.

image-20230310151035505

2023-03-21_11-24-43

Configuring EdgeHA

The following steps assume that the Chicago gateways have been onboarded using the configuration wizard. Once the devices have been configured Enable WAN HA, this will allow the gateways to appear as a single logical devices and share WAN uplinks.

Step 1 Right click the CHIBR-ECE-1 device, select Deployment.

Step 2 In the top left side check the EdgeConnect HA box.

Step 3 When the EdgeConnect overview page appears, click close

Step 4 In the bottom left select the HA Peer, CHIBR-ECE-2

Step 5 Change the HA-Link to LAN0 for both appliances.

Step 6 Click Save

2023-03-21_13-10-35

Caution: Each Appliance must have a unique WAN side connection, do not connect redundant WAN connections or enable active active forwarding.

Configuring VRRP

The following section walks through configuring VRRP, for the HA pair. The device with a higher priority will be the VRRP leader (CHIBR-ECE1), the device with the lower priority will be the backup (CHIBR-ECE2). Both devices will have preemption enabled so in the case that CHIBR-ECE1 fails and comes back online it will become the leader again.

Step 1 Select the Configuration tab in the top left hand side.

Step 2 In the Networking column select VRRP.

Step 3 Select CHIBR-ECE1, click the Pencil Icon.

Step 4 In the Popup menu, click Add VRRP

Step 5 In the new VRRP row, enter the following:

Group IDVirtual IP Address
10010.14.32.1
10110.14.33.1
10210.14.34.1
10310.14.35.1
10410.14.36.1
10510.14.37.1
10610.14.38.1
10710.14.39.1

Step 6 Repeat steps 1-5 for CHIBR-ECE-2

Step 7 Set the Priority Config to 100.

Group IDVirtual IP AddressPriority Config
10010.14.32.1100
10110.14.33.1100
10210.14.34.1100
10310.14.35.1100
10410.14.36.1100
10510.14.37.1100
10610.14.38.1100
10710.14.39.1100

2023-03-21_17-35-48

Configuring VRRP IP SLA

Step 1 Select the Configuration tab in the top left hand side.

Step 2 In the Templates & Policy column select IP SLA.

Step 3 Click the Pencil Icon next to any of the listed SLA’s.

Step 4 When the popup appears click the Add button on the top left side.

Step 5 In the new IP SLA Rule set the Monitor to: VRRP Monitor

Step 6 Select the Lan1 interface.

Step 7 Set the Down Action to: Modify Subnet Metric

Step 8 Set the delta to : 1000

Step 9 Set the up action to: Default subnet Action

Step 10 Repeat the following settings for each Lan1 sub interface.

2023-03-21_17-52-17

Step 11 The complete configuration should look like the following.

Step 12 Repeat steps 1-10 for CHIBR-CHI-2.

2023-03-22_09-27-51-9537019

Configuring App Express (Optional)

App Express is designed to optimize application performance by steering SaaS applications to the path with the best connectivity. The following example will demonstrate how to configure a custom SaaS application and enabled App Express.

Step 1 Select Configuration.

Step 2 Click Application Definitions.

2024-09-24_12-52-49-7207687

Step 3 On the Application definition page click Hide Advanced App Definitions.

Step 4 Click Add New Application.

2024-09-24_12-47-05-7207735

Step 5 On the Application definition page enter the following.

  • Type: TCP Port

  • Port Number: 443

  • Name: slack_homepage

  • AppExpress: Monitor and Steer

  • Ping Type: Https

  • Ping Hostname: app.slack.com

  • User Experience Thresholds: 200 , 500

Note: Monitor and Steer must be selected for app express to work.

Step 6 Click AppExpress Group in the sub-menu.

Step 7 Click Add Group.

2024-09-24_16-30-22-7222260

Step 8 On The Add AppExpress group enter the following.

  • Group Name: business_critical
  • Overlay: BulkApps
  • Check both Transports.
  • Target QoE: Excellent

Step 9 Drag the below applications over to the business_critical group. Then click save.

  • Atlassian
  • Office365Common
  • Office365Exchange
  • Slack
  • Slack_homepage
  • Zoom

2024-09-24_11-23-23-7282545

Step 10 Click Apply AppExpress in the sub-menu.

Step 11 Click Add next to the business_critical group that was created.

Step 12 Click Apply.

2024-09-24_11-24-45-7282873

Step 13 Select AppExpress Summary

Step 14 Verify App Express is working.

2024-09-24_11-55-24