You can set up one or more Software-defined networks to automatically connect remote office networks managed by Untangle SD-WAN Router and NG Firewall. Each Software-defined network is controlled by Command Center and uses WireGuard VPN tunnels to route traffic between each network in a site-to-site mesh topology. Managing your Software-defined networks via Command Center reduces the complexity of manually configuring VPN tunnels.
Before configuring your Software-defined network, confirm that your appliances meet the following requirements:
- Version 3.1 or newer
- Version 16.1 or newer
- IPsec and OpenVPN must be disabled or uninstalled
- NG Firewall Complete or Trial License
- WireGuard app must be installed
Setting up the Software-defined Network
To set up your Software-defined Network, you first need to create an SD-WAN Network. See Managing SD-WAN Networks in Command Center for steps to create your SD-WAN Network.
Once your SD-WAN Network is set up with at least two appliances, you can configure the Software-defined Network.
- From the SD-WAN Networks list, select your network.
- Locate the Software Defined Network widget containing the appliances in your network.
- Select each appliance and click Configuration.
- Toggle the Enable option to activate VPN access for this appliance and the networks behind it.
- After enabling access, choose the local subnets you wish to make accessible to other appliances in this network.
Notes regarding shared subnets:
- Selecting shared subnets is optional. If no local subnets are enabled, this appliance network acts in client mode and is able to access resources of remote networks but not vice versa.
- If a local subnet conflicts with a shared subnet from a different appliance, you are not able to enable VPN access as this may result in routing issues.
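The conflict rule in the notes above can be checked against a planned address layout before enabling access on each appliance. The following is an added example, not Command Center code: the appliance names and subnets are constructed, and treating any overlap as a conflict is an assumption about how the check behaves.

```python
import ipaddress
from itertools import permutations

# Constructed inventory: appliance names and subnets are hypothetical.
# Each local subnet maps to True if it is selected as a shared subnet.
APPLIANCES = {
    "hq-ngfw":  {"192.168.1.0/24": True, "10.10.0.0/16": True},
    "branch-a": {"192.168.2.0/24": True, "10.10.20.0/24": False},
    "branch-b": {"192.168.3.0/24": False},  # shares nothing
}


def find_conflicts(appliances):
    """Return (appliance, local, other_appliance, shared) tuples where a local
    subnet overlaps a subnet shared by a different appliance."""
    conflicts = []
    for name, other in permutations(appliances, 2):
        shared = [ipaddress.ip_network(s) for s, on in appliances[other].items() if on]
        for local in map(ipaddress.ip_network, appliances[name]):
            for remote in shared:
                # Assumption: any overlap (not only an exact match) is a conflict.
                if local.version == remote.version and local.overlaps(remote):
                    conflicts.append((name, str(local), other, str(remote)))
    return sorted(conflicts)


def client_mode(appliances):
    """Appliances with no shared subnets: they reach remote networks only."""
    return sorted(n for n, subnets in appliances.items() if not any(subnets.values()))


if __name__ == "__main__":
    for name, local, other, remote in find_conflicts(APPLIANCES):
        print(f"{name}: local {local} overlaps {remote} shared by {other}")
    print("client mode:", ", ".join(client_mode(APPLIANCES)) or "none")
```

Here `branch-a` is flagged even though it does not share `10.10.20.0/24`, because the rule compares every local subnet with the subnets other appliances share.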
Synchronizing the Software-defined Network
After you enable access to your appliances and specify shared subnets, you must synchronize your changes. This action adds, removes, or updates VPN tunnels for each appliance in the network.
When you click Sync VPN Settings, Command Center enqueues the request for processing, which may take several minutes. You can review the Audit History to check the status of your sync request.
After the synchronization completes, you can review the tunnels and their status by logging into each appliance.
Note: For NG Firewall appliances, Command Center creates a tunnel for each remote appliance in the network. For SD-WAN Router appliances, Command Center creates only a single tunnel interface; however, all remote networks are serviced via this tunnel interface.
Important: You may view the tunnels managed by Command Center for status information and other relevant details; however, you must not edit these tunnels, as Command Center will overwrite the changes during the next synchronization.
To confirm that the VPN tunnels are synchronized to an NG Firewall appliance, you can view the Enabled Tunnels grid on the WireGuard VPN Status page. The Last Handshake confirms the most recent successful transfer, and the Bytes In and Bytes Out confirm that data is flowing in both directions.
To confirm that VPN tunnels are synchronized to an SD-WAN Router appliance, you can view the Interfaces screen. The Connected and Online statuses confirm that the tunnel is up, and the arrows confirm that data is flowing in both directions.
You can check the status of your Centrally Managed Network tunnels from the Network Dashboard. The Network Map shows the links between each peer in the network.
If there is a specific reason that an appliance cannot sync, the Software Defined Network widget provides information in the Notes column next to the associated appliance.