Support

Support for business applications

Kaspersky SD-WAN

Managing CPE devices

Kaspersky SD-WAN
Нет результатов
Online Help
FAQ Forum Contact support Recovery tools

Managing CPE devices

April 17, 2024

ID 267940

Save as PDF

CPE devices relay traffic between your organization's locations and your customers. You can purchase KESR appliances to use them as CPE devices or deploy CPE devices as virtual machines using an image received from Kaspersky. When using virtual machines, you must make sure that they satisfy the hardware requirements.

For building the SD-WAN network, centralized management and core functionality, an OpenFlow virtual switch (virtual switch; vSwitch) is installed on CPE devices. For example, virtual switch is used to configure traffic streams.

To avoid configuring each device individually, you can specify the settings in the CPE template and then apply the template to devices when adding or manually registering them. When you edit a setting in a CPE template, that setting is automatically modified on all devices that are using the template.

When you edit a setting on a CPE device, that setting becomes independent of the template. When the same setting is edited in the CPE template, the change is not propagated to such a device.

Certain CPE device settings can only be specified in a template, for example, the port number for connecting to the orchestrator.

New CPE devices are registered automatically, which is referred to as Zero Touch Provisioning (ZTP). You add the CPE device in the orchestrator web interface, generate a URL with basic settings, and enter that URL on the device. When the CPE device connects to the orchestrator using the received settings, it is mapped to the previously added record and is automatically registered. Registration does not require connecting to Kaspersky cloud services.

You can use two-factor authentication to register the CPE device securely. Two-factor authentication records a token (security key) to the orchestrator database; the token is then placed on the CPE device using the URL with basic settings. Registration succeeds if, when the CPE device connects to the orchestrator, the token placed on the device matches the token in the orchestrator database.

When you remove a CPE device from the orchestrator web interface, the basic settings are retained on the device. If you need to register the device again, you must restart the CPE device to make it connect to the orchestrator, and when it appears in the orchestrator web interface, you must manually register the device. You cannot use two-factor authentication when re-registering a CPE device.

When adding and registering a CPE device, you can select if you want it to be automatically enabled after registration. When a CPE device is enabled, the CPE template is applied to it and the device becomes available for relaying traffic.

In this Help section

About the interaction of the CPE device and the orchestrator

About the interaction of the CPE device and the Controller

Automatic registration of CPE (ZTP) devices

Repeated registration of CPE devices

Managing CPE templates

Managing CPE devices

Two-factor authentication of a CPE device

Managing certificates

Automatically deleting and shutting down CPE devices

Grouping CPE devices using tags

Configuring logs on CPE devices

Specifying NTP servers on CPE devices

Managing modems

Managing firmware

Additional configuration of CPE devices using scripts

Managing network interfaces

Configuring the connection of a CPE device to the orchestrator and Controller

Managing SD-WAN interfaces

Managing service interfaces

Managing OpenFlow port groups

Configuring a UNI for connecting CPE devices to network services

Adding or deleting a static route

Filtering routes and traffic packets

Route exchange over BGP

Route exchange over OSPF

Using BFD to detect routing failures

Ensuring high availability with VRRP

Transmission of multicast traffic using PIM and IGMP protocols

Managing virtual routing and forwarding (VRF) tables

Monitoring traffic packet information using the NetFlow protocol

Diagnosing a CPE device

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.