CPE devices relay traffic between your organization's locations and clients, and also have direct access to the internet (DIA) without relaying traffic to the central office. For building the SD-WAN network, an OpenFlow virtual switch (virtual switch; vSwitch) is installed on CPE devices. You can use CPE devices of the following types:
To manage CPE devices, they must be registered. New CPE devices are registered automatically using Zero Touch Provisioning (ZTP). You add the CPE device in the orchestrator web interface, generate a URL with basic settings, and enter that URL on the CPE device. When the CPE device connects to the orchestrator using the received basic settings, it is mapped to the added record and is automatically registered. Registration does not require connecting to Kaspersky cloud services.
You can use two-factor authentication to register the CPE device securely. Two-factor authentication records a token (security key) to the orchestrator database; the token is then placed on the CPE device using the URL with basic settings. Registration succeeds if, when the CPE device connects to the orchestrator, the token placed on the device matches the CPE token in the orchestrator database.
For centralized configuration of CPE devices, you can use CPE templates. To avoid configuring each CPE device individually, you can specify the settings in the CPE template and then apply the template to CPE devices when adding or manually registering CPE devices. If you edit a setting in a CPE template, the setting is automatically modified on all CPE devices that are using this CPE template. If you edit a setting on the CPE device, the setting becomes independent of the CPE template, and if the setting is modified in the CPE template, it remains unchanged on the CPE device.
Certain CPE device settings can only be specified in a CPE template, for example, the port number for connecting to the orchestrator.
When you remove a CPE device from the orchestrator web interface, the basic settings are retained on the CPE device. If you need to register the device again, you must restart the CPE device to make it connect to the orchestrator, and when it appears in the orchestrator web interface, you must manually register the CPE device. You cannot use two-factor authentication when re-registering a CPE device.
When adding and registering a CPE device, you can select if you want it to be automatically enabled after registration. When a CPE device is enabled, the CPE template is applied to it and the CPE device becomes available for relaying traffic.