Kaspersky SD-WAN
- About Kaspersky SD-WAN
- Architecture of the solution
- Redundancy and fault tolerance
- Ensuring security
- User interface of the solution
- Authentication in Kaspersky SD-WAN
- Setting and resetting the default page
- Switching between light and dark theme
- Limiting the duration of a user session when idle
- Viewing active user sessions
- Configuring the Docker container log verbosity
- Navigating to the orchestrator API
- Changing the language of the orchestrator web interface
- Licensing of Kaspersky SD-WAN
- Managing Kaspersky SD-WAN domains
- Managing data centers
- Managing VIMs
- Managing subnets
- Viewing logs
- Service Requests
- Managing network services
- User roles and actions with network services
- Uploading a VNF or PNF package to the orchestrator
- Network service template
- Creating a network service
- Configuring network service topology components
- Editing a network service topology
- Deploying a network service
- Checking the consistency of a network service
- Redeploying a network service and its components
- Auto-Healing
- Managing VNFs and VDUs in a network service
- Viewing the network service log
- Deleting a network service
- Managing confirmation requests
- Managing users
- Creating an LDAP connection
- Editing an LDAP connection
- Changing the password of an LDAP connection
- Deleting an LDAP connection
- Creating access permissions
- Editing access permissions
- Cloning access permissions
- Removing an access permission
- Creating a user
- Editing a user
- Changing user password
- Activating or blocking a user
- Deleting a user
- Creating a user group
- Editing a user group
- Deleting a user group
- Managing tenants
- Creating a tenant
- Assigning a VIM to a tenant
- Assigning topology components to a tenant
- Assigning compute resources to a tenant
- Assigning a user to a tenant
- Assigning a user group to a tenant
- Authenticating as an administrator in the tenant's orchestrator web interface
- Editing a tenant
- Deleting a tenant
- Managing SD-WAN instances
- Creating an SD-WAN instance template
- Setting the default SD-WAN instance template
- Deleting an SD-WAN instance template
- Adding a tenant to an SD-WAN instance template
- Removing a tenant from an SD-WAN instance template
- Configuring high availability
- Choosing a transport strategy
- Adding a tenant to an SD-WAN instance
- Removing a tenant from an SD-WAN instance
- Viewing devices assigned to an SD-WAN Instance
- Deleting an SD-WAN instance
- Creating a pool of SD-WAN instances
- Adding an SD-WAN instance to a pool
- Removing an SD-WAN instance from a pool
- Deleting a pool of SD-WAN instances
- Managing CPE devices
- Composition of CPE devices
- Composition of uCPE devices
- SD-WAN managementTunnel management transport service
- Automatic configuration of CPE (ZTP) devices
- CPE device statuses and states
- Ensuring connectivity of CPE devices with SD-WAN Controllers
- Automatically updating the link cost based on maximum speed of the interface
- CPE template
- Creating a CPE device
- Specifying the address of a CPE device
- Registering a CPE device
- Activating or deactivating a CPE device
- Using a web address to activate a CPE device
- Connecting to the CPE device console
- Deleting a CPE device
- Viewing the password of a CPE device
- Restarting a CPE device
- Shutting down a CPE device
- Exporting settings and SD-WAN interfaces from a CPE device
- Exporting network interfaces from a CPE device
- Searching for CPE devices
- Automatic removal and deactivation of a CPE device
- Two-factor authentication of a CPE device
- Orchestrator certificates
- Tags
- Out-of-band management of CPE devices
- Managing CPE devices in SD-WAN controller menu
- Viewing the OpenFlow table of a CPE device
- Viewing statistics of OpenFlow interfaces
- Viewing statistics of queues on LAN interfaces
- Navigating to service interfaces on a CPE device
- Viewing the specifications of a CPE device
- Viewing the usage of a CPE device
- Changing the status of a CPE device in the SD-WAN Controller
- Changing the MAC address of a CPE device
- Terminating the TCP session between a CPE device and the SD-WAN Controller
- Scripts
- Network interfaces
- Configuring the connection of a CPE device to the SD-WAN network
- SD-WAN interfaces
- OpenFlow interfaces
- Service interfaces and UNIs
- Creating a service interface
- Creating an ACL interface
- Viewing the usage of a service interface and an ACL interface
- Deleting a service interface and an ACL interface
- Creating a UNI template
- Creating a UNI in a template
- Editing a UNI in a template
- Deleting a UNI in a template
- Deleting a UNI template
- Creating a UNI
- Editing a UNI
- Deleting a UNI
- Filtering routes
- The BGP dynamic routing protocol
- The OSPF dynamic routing protocol
- The BFD protocol
- Creating or deleting a static IPv4 route
- The VRRP protocol
- Viewing the settings of the CPE device connection to the service provider network
- Configuring the connection of a CPE device to a Syslog server
- Configuring the connection of a CPE device to an NTP server
- Firmware
- Monitoring solution components
- Tunnels, segments, and paths
- Configuring topology
- Quality of Service (QoS)
- Transport services
- Point-to-Point (P2P) transport service
- Point-to-Multipoint (P2M) transport service
- Multipoint-to-Multipoint (M2M) transport service
- Adding a transport service in a CPE template
- Editing a transport service in a CPE template
- Deleting a transport service from a CPE template
- Scenario: Directing application traffic to a transport service
- Traffic mirroring
- Task scheduler
- Configuring the SD-WAN Controller
- Editing the SD-WAN Controller
- Restarting the SD-WAN Controller
- Downloading a backup SD-WAN Controller configuration file
- Restoring the SD-WAN Controller
- Deleting the SD-WAN Controller
- SD-WAN Controller properties
- Viewing information about SD-WAN Controller nodes
- Viewing the topology of a deployed SD-WAN instance
- Contacting Technical Support
- Appendices
- Glossary
- Control plane
- Customer Premise Equipment (CPE)
- Data plane
- DSCP values
- Graceful restart
- Orchestrator
- Physical Network Function (PNF)
- PNF package
- SD-WAN Controller
- SD-WAN Gateway
- Software-Defined Networking (SDN)
- Software-Defined Wide Area Network (SD-WAN)
- Tenant
- Universal CPE (uCPE)
- Virtual Infrastructure Manager (VIM)
- Virtual Network Function (VNF)
- Virtual Network Function Manager (VNFM)
- VNF Package
- Information about third-party code
- Trademark notices
Traffic encryption
Traffic encryption is a mechanism of securing the exchange of traffic between
Telecommunication equipment, including virtual machines, located at the client premises. Used to connect the client location to the SD-WAN network, establish tunnels and transfer traffic between client locations. Traffic can be sent to a data center to provide network functions such as routing protocols, intrusion prevention, or anti-virus protection.
Traffic encryption does not replace the need to use other information security measures, such as TLS, LDAPS, and other protocols that protect traffic within the overlay network.
The
Centrally manages the overlay network and network devices in accordance with the service chain topology via the OpenFlow protocol. Deployed as a virtual or physical network function.
The keys are regularly updated to deprive third parties of the opportunity to encrypt or decrypt the transmitted traffic if a key is intercepted. You can specify the length of time after which the keys are updated on CPE devices using the Dtopology.link.encryption.key.update.interval.minutes property of the SD-WAN Controller.
Traffic encryption is supported only on CPE devices running Kaspersky SD-WAN software.
If traffic encryption is enabled on a CPE device, all outbound tunnels that involve this device send encrypted traffic (including new tunnels that will be established later).
If traffic encryption is disabled on a CPE device, it sends unencrypted traffic. Note that if you disable traffic encryption on a device that previously encrypted its outgoing traffic, the keys generated by the SD-WAN Controller for encrypting and decrypting traffic are deleted from all associated devices.
Traffic encryption can also be enabled or disabled on tunnels. For example, you can enable traffic encryption on a CPE device, but disable it on a tunnel established with the participation of this device. When enabling or disabling traffic encryption on a tunnel, you must configure both the outgoing and incoming tunnels in the same way.
|
In this section |