Managing CPE devices

The table of CPE devices is displayed in the SD-WAN → CPE section. Information about CPE devices is displayed in the following columns of the table:

• DPID is the DPID of the CPE device.
• S/N is the serial number of the CPE device.
• Model is the model of the CPE device.
• SW version is the firmware version of the CPE device. Outdated firmware is highlighted in orange.
• CPE template is the CPE template used by the CPE device.
• Name is the name of the CPE device.
• Role is the role of the CPE device:
  • CPE
  • Gateway
• Status is the status of the CPE device.
  • Unknown means the CPE device is connected to the orchestrator but is not registered.
  • Waiting means the CPE device has been added in the orchestrator web interface, but it is not connected to the orchestrator.
  • Registering means the CPE device is being registered.
  • Error means an error occurred while registering the CPE device.
  • Registered means the CPE device has been registered successfully.
  • Configuration means scripts are being run on the CPE device.
  • Suspended means that while registering the CPE device, an error occurred and registration was not completed.
• State is the state of the CPE device:
  • Enabled means the assigned CPE template has been applied to the CPE device on the orchestrator side. On the controller side, the CPE device can be used to relay traffic.
  • Disabled (in the Waiting status) means the assigned CPE template has not been applied to the CPE device on the orchestrator side. On the controller side, the CPE device cannot be used to relay traffic.
  • Disabled (in the Registered status) means the orchestrator does not respond to REST API requests from the CPE device. On the controller side, the transmission of traffic through links is blocked for the CPE device.
• Connection indicates whether the CPE device is connected to the controller:
  • Connected
  • Disconnected
• Topology tags contains topology tags that have been assigned to the CPE device.
• Fragmentation is the result of checking for fragmentation of traffic packets on the CPE device:
  • Unsupported means the CPE device cannot transmit fragmented packets.
  • Unknown means packet fragmentation cannot be checked on the CPE device.
  • Supported means the device can transmit fragmented packets.
• Transport tenant is the transport tenant to which the CPE device is added. The CPE device connects to the controller of the SD-WAN instance that is deployed for the transport tenant.
• Customer tenant is the customer tenant to which the CPE device is added. The customer tenant can manage the CPE device in its self-service portal.
• Location is the address of the CPE device.
• Management IP is the IP address assigned to the CPE device by the management subnet.
• Controllers are IP addresses and port number of controllers to which the CPE device is connected.
• Gateways are IP addresses and port numbers of gateways to which the CPE device is connected.
• Mobile network is the mobile network to which the CPE device is connected.
• Registered is the date and time when the CPE device was registered.
• Update is the date and time when the CPE device settings were last modified.
• User is the name of the user which created the CPE device.

The actions that you can perform with the table are described in the Managing solution component tables instructions.

CPE device settings are displayed on the following tabs:

• Configuration is the basic information about the CPE device. You can enter a brief description of the CPE device in the Description field and view the tasks being performed by the orchestrator in the Out-of-band management table.
• Monitoring are CPE device monitoring results.
• Problems are problems that occurred while the CPE device was operational. In case of any problems, a red exclamation mark is displayed next to the tab.
• Encryption are the traffic encryption settings.
• Service requests are service requests of the CPE device.
• Tags are tags for grouping CPE devices.
• Scripts are scripts for additional configuration of the CPE device.
• The following tabs are displayed on the SD-WAN tab:
  • General settings contains the connection settings of a CPE device to the orchestrator and controller.
  • Interfaces contains SD-WAN interfaces.
• Topology contains topology tags for establishing links between CPE devices.
• Network contains network interfaces.
• Firewall are firewall settings.
• VRF contains virtual routing and forwarding tables.
• BGP is the BGP protocol for exchanging routes between CPE devices and external network devices. The following tabs are displayed on this tab:
  • General settings contains the basic settings of the BGP protocol.
  • Neighbors contains BGP peers.
  • Peer groups contains BGP peer groups.
• OSPF covers the OSPF protocol for route exchange between CPE devices and external network devices. The following tabs are displayed on this tab:
  • General settings contains basic settings of the OSPF protocol.
  • OSPF areas contains OSPF areas.
  • OSPF interfaces contains OSPF interfaces.
• Routing filters contains settings for filtering routes and traffic packets between CPE devices and external network devices. The following tabs are displayed on this tab:
  • Access control lists contains access control lists (ACLs).
  • Prefix lists contains prefix lists.
  • Route maps contains route maps.
• BFD covers the BFD protocol for detecting routing failures between CPE devices and external network devices.
• Static routes contains static routes.
• Multicast contains settings for transmission of multicast traffic between CPE devices and external network devices using the PIM and IGMP protocols. The following tabs are displayed on this tab:
  • General settings contains basic PIM settings.
  • Interfaces contains multicast interfaces.
• VRRP covers the VRRP protocol for high availability of CPE devices. The following tabs are displayed on this tab:
  • VRRP instances contains VRRP instances.
  • VRRP instance groups contains VRRP instance groups.
• CFM contains settings of the Connectivity Fault Management (CFM) functionality.
• UNIs are UNIs on the CPE device.
• Modems are CPE device modem settings.
• Links contains link settings.
• Multipathing are the path settings.
• Activation are two-factor authentication settings of the CPE device.
• Deactivation are settings for automatically removing and disabling the CPE device.
• Log files contains logging settings.
• NetFlow contains basic NetFlow settings.
• NTP displays NTP servers used for time synchronization.
• Diagnostic information displays requests for CPE device diagnostic information.
• Utilities displays utilities for diagnosing CPE devices.

Adding a CPE device

You need to add a CPE device if you are automatically registering it (ZTP). When adding a CPE device, you must specify the DPID that will be used to match the added record with the CPE device that you will connect later. You can add a CPE device to the current SD-WAN instance, a tenant, or a different SD-WAN instance.

To add a CPE device:

1. Add a CPE device in one of the following ways:
   • If you want to add a CPE device to the current SD-WAN instance, in the menu, go to the SD-WAN → CPE section and in the upper part of the page, click + CPE.
   • If you want to add a CPE device to a tenant, in the menu, go to the Tenants section, under Tenants, select the created tenant, and under CPEs, click + CPE.
   • If you want to add a CPE device to a different SD-WAN instance, navigate to the SD-WAN → SD-WAN instances subsection, click a deployed SD-WAN instance, and in the upper part of the settings area, under Actions, click Create.
2. This opens a window; in that window, in the Name field, enter the name of the CPE device.
3. In the DPID field, enter the DPID of the CPE device. You can find the DPID on the box of the CPE device.

   If the CPE device does not have a DPID, you can specify a temporary DPID, for example, temporary DPID. You can replace the temporary DPID with the actual DPID.

4. In the State drop-down list, select the CPE device state after registration:
   • Enabled to apply a CPE template to the CPE device and use it to relay traffic. This is the default setting.
   • Disabled to not apply a CPE template to the CPE device.
5. If necessary, in the Description field, enter a brief description of the CPE device.
6. If you are adding a CPE device to an SD-WAN instance, in the Tenant drop-down list, select the transport tenant to which you want to add the CPE device. The CPE device connects to the controller of the SD-WAN instance that is deployed for the transport tenant. You can select an SD-WAN instance pool.
7. In the Customer tenant drop-down list, select the customer tenant to which you want to add the CPE device. The customer tenant can manage the CPE device in its self-service portal.
8. If you want to create a UNI on the CPE device using a UNI template, in the UNI template drop-down list, select the created UNI template.
9. In the CPE template drop-down list, select the created CPE template which you want to use to configure the CPE device.
10. In the NetFlow template drop-down list, select the created NetFlow template that you want to use to configure basic NetFlow settings on the CPE device.
11. In the Firewall template drop-down list, select the created firewall template which you want to use to configure the firewall of the CPE device.
12. Click Next and specify the address of the CPE device location in the Address field. As you enter the address, you are prompted to select an address from a drop-down list.

    The address is displayed on the map.

13. Click Add.

The device is added, its status changes to Waiting, and you get one of the following results:

• If you added the CPE device to the current SD-WAN instance, the CPE device is displayed in the table.
• If you added the CPE device to a tenant, the CPE device is displayed under CPEs.
• If you added the CPE device to a different SD-WAN instance, the self-service portal is opened in a new browser tab. You are automatically logged in to the self-service portal and taken to the CPE subsection. The CPE device is added to the table.

Generating an URL with basic CPE device settings

If you are automatically registering a CPE device, you need to generate a URL with basic CPE device settings. You can specify the template of the generated URL when configuring the connection of the CPE device to the orchestrator and controller. The generated URL contains the following information:

• NTP Servers.
• Network interfaces
• Settings for connecting the CPE device to the orchestrator and controller and SD-WAN interfaces.
• Certificates
• BGP settings
• The token if two-factor authentication is being used
• Virtual routing and forwarding tables.

The maximum size of a URL with basic CPE device settings may not exceed 64 KB.

To generate a URL with basic CPE device settings:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device for which you want to generate a URL with basic settings.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Get configuration URL.

   This opens a window with the basic CPE device settings URL.

4. Save the URL with basic CPE device settings in one of the following ways:
   • If you want to copy the URL, click Copy next to it.
   • If you want to save the URL as an HTML file, click Save to HTML next to it.

   You need to connect an administrator device to the LAN port of the CPE device and use the saved URL with basic settings to automatically register the CPE device.

5. If you want to install certificates on a CPE device with firmware version 23.07:
   1. In the Version drop-down list, select 23.07.
   2. Click Copy next to all generated URLs with basic settings.
   3. Save the generated URLs with basic settings.

   You need to visit each of the copied URLs with basic settings in sequence on the CPE device where you want to install certificates.

Manually registering a CPE device

You must manually register the CPE device in the web interface when re-registering the CPE device. Registration does not require connecting to Kaspersky cloud services.

To manually register a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device that you want to manually register.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Register.
4. This opens a window; in that window, in the State drop-down list, select the CPE device state after registration:
   • Enabled to apply a CPE template to the CPE device and use it to relay traffic. This is the default setting.
   • Disabled to not apply a CPE template to the CPE device.
5. If necessary, in the Description field, enter a brief description of the CPE device.
6. In the Tenant drop-down list, select the transport tenant to which you want to add the CPE device. The CPE device connects to the controller of the SD-WAN instance that is deployed for the transport tenant. You can select an SD-WAN instance pool.
7. In the Customer tenant drop-down list, select the customer tenant to which you want to add the CPE device. The customer tenant can manage the CPE device in its self-service portal.
8. If you want to create a UNI on the CPE device using a UNI template, in the UNI template drop-down list, select the created UNI template.
9. In the CPE template drop-down list, select the created CPE template which you want to use to configure the CPE device.
10. In the NetFlow template drop-down list, select the created NetFlow template that you want to use to configure basic NetFlow settings on the CPE device.
11. In the Firewall template drop-down list, select the created firewall template which you want to use to configure the firewall of the CPE device.
12. Click Next and specify the address of the CPE device location in the Address field. As you enter the address, you are prompted to select an address from a drop-down list.

    The address is displayed on the map.

13. Click Register.

The CPE device status changes first to Registering, then to Registered.

Unregistering a CPE device

To unregister a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device that you want to unregister.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Unregister.
4. In the confirmation window, click Unregister.

The CPE device is unregistered and the CPE device status changes to Waiting.

Specifying the address of a CPE device

To specify the address of a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device whose address you want to specify.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Set location.
4. This opens a window; in that window, enter the address of the CPE device's location. As you enter the address, you are prompted to select an address from a drop-down list.

   The address is displayed on the map.

5. Click Save.

The address of the CPE device is specified.

Enabling and disabling a CPE device

When a CPE device is enabled, a CPE template is applied to it. Disabled CPE devices cannot be used to relay traffic.

To enable or disable a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device that you want to enable or disable.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Enable or Disable.

The CPE device is enabled or disabled.

Restarting a CPE device

To restart a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device that you want to restart.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Reboot.
4. In the confirmation window, click Reboot.

The CPE device is restarted.

Shutting down a CPE device

You can power off the CPE device in the orchestrator web interface, or by disconnecting the power cable from the CPE device. When the power is turned off in the orchestrator web interface, the shutdown command is sent to the operating system of the CPE device.

To power off the CPE device in the orchestrator web interface:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device that you want to shut down.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Shutdown.
4. In the confirmation window, click Shutdown.

The CPE device is shut down.

Connecting to the CPE device console

To connect to the console of a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device to whose console you want to connect.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Open SSH console.

This opens the CPE device console window in a new browser tab.

Viewing the password of a CPE device

To view the password of a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device whose password you want to view.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Show password.

This opens a window with the CPE device password.

Exporting orchestrator and controller connection settings and SD-WAN interfaces from a CPE device

To export orchestrator and controller connection settings and SD-WAN interfaces from a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device from which you want to export orchestrator and controller connection settings and SD-WAN interfaces.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Export SD-WAN settings.

A JSON file named <Template name>sdwan-config is saved to your local device.

Exporting network interfaces from a CPE device

To export network interfaces from a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device from which you want to export network interfaces.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part, under Actions click Export network interfaces.

A file in JSON format with the name <Template name>-network-config is saved to your local device.

Changing the DPID of a CPE device

You need to change the DPID when deploying a vCPE device on the VMware virtualization platform and automatically registering it.

To change the DPID of a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device whose DPID you want to change.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the upper part of the settings area, under Actions, click Change DPID.
4. This opens a window; in that window, enter the new DPID of the CPE device.
5. Click Save.

The DPID of the CPE device is changed.

Deleting CPE devices

When you delete a CPE device, all service interfaces created on it are automatically deleted.

Deleted CPE devices cannot be restored.

To delete CPE devices:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. To delete an individual CPE device:
   1. Click the CPE device that you want to delete.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

   2. In the upper part of the settings area, under Actions, click Delete.
3. To delete multiple CPE devices:
   1. Select check boxes next to the CPE devices that you want to delete.
   2. In the upper part of the table, click Actions → Delete.
4. This opens a confirmation window; in that window, select the method for deleting the CPE device:
   • Delete, unregister, and reset password to delete the CPE device from the orchestrator web interface. When powered on, the CPE device reconnects to the orchestrator and is displayed in the orchestrator web interface with the Unknown status.
   • Reset to factory settings to remove the CPE device from the orchestrator web interface and reset the CPE device settings to factory defaults. When powered on, the CPE device does not reconnect to the orchestrator and is not displayed in the orchestrator web interface.
   • Force delete to delete the CPE device from the orchestrator web interface. You can select this option to remove an unavailable CPE or a redundant entry from the orchestrator web interface.
5. Click Delete.

The CPE devices are deleted and are no longer displayed in the table.