Configure an SD-WAN Interface (REST API)
Table of Contents
Configure an SD-WAN Interface (REST API)
A virtual SD-WAN interface groups multiple
physical links use to communicate with the same destination.
This
example shows you how to create a virtual SD-WAN interface on Panorama™.
This interface is meant for direct Internet access from a branch,
so the SD-WAN interface will include only physical Ethernet interfaces.
It’s assumed that you’ve already set up necessary templates and
device groups on Panorama. The examples use a template calledSD-Branch-Network.
-
Create a link tag.
A link tag enables you use to group physical links so that SD-WAN path selection and traffic redirection can use the groups to maximize application and service quality. See Create a Tag (REST API) for an example of an API request to create a link tag.
-
Create an SD-WAN interface profile.
Create an SD-WAN interface profile to define the characteristics of ISP connections and to control the speed of links and how frequently the firewalls monitors the link. This profile includes both the link tag you created and the type of link that the interface is (ADSL/DLS, Cable modem, Ethernet, Fiber, LTE/3G/4G/5G, MPLS, etc.). The following POST request creates an SD-WAN interface profile.curl -X POST 'https://<Panorama>/restapi/v9.1/network/sdwanInterfaceprofiles?location=template&template=SDWAN-Branch-Network&name=BroadBand-low-cost' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "BroadBand-low-cost", "comment": "Low cost", "failback-hold-time": 20, "link-tag": "Broadband-ISP", "link-type": "Cablemodem", "maximum-download": 100, "maximum-upload": 50, "path-monitoring": "Aggressive", "probe-frequency": 5, "probe-idle-time": 60, "vpn-data-tunnel-support": "yes" } }'
- Configure one or more physical interfaces.
Configure the physical interface(s) that the virtual SD-WAN interface will include. This example configures one Ethernet interface. Configuring an Ethernet interface for SD-WAN involves three steps, which are (a) configure a Layer 3 Ethernet interface without an SD-WAN interface profile, (b) import the Ethernet interface into a virtual system, and (c) update the Ethernet interface to specify the SD-WAN interface profile.- Configure a Layer 3 Ethernet interface.The following is an example of an API request to configure a Layer 3 Ethernet interface that uses DHCP for IP address assignment.curl -X POST 'https://<Panorama>/restapi/v9.1/network/ethernetinterfaces?location=template&template=SDWAN-Branch-Network&name=ethernet1/4' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "ethernet1/4", "layer3": { "dhcp-client": { "create-default-route": "yes", "default-route-metric": 10, "enable": "yes", "send-hostname": { "enable": "no", "hostname": "system-hostname" } }, "sdwan-link-settings": { "enable": "no" } } } }'
- Import the Ethernet interface into a virtual system (vsys).
Make an API request on Panorama to import the Ethernet interface into a vsys configuration. The example below imports the newly created Ethernet interface intovsys1, which exists in templateBranch_template. In this example, there is only one interface. If other interfaces already exist in the vsys, though, include them all in the interface member list.curl -X POST 'https://<Panorama>/restapi/v9.1/device/virtualsystems?location=template&template=SDWAN-Branch-Network&name=vsys1' -H 'X-PAN-KEY: <api key> -d '{ "entry": [ { "@location": "template", "@name": "vsys1", "@template": "Branch_template", "import": { "network": { "interface": { "member": [ "ethernet1/4" ] } } } } ] }'- Apply an SD-WAN interface profile to the Ethernet interface.
The example below applies an SD-WAN interface profile to the Ethernet interface to complete the Ethernet interface configuration for SD-WAN.curl -X PUT 'https://<Panorama>/restapi/v9.1/network/ethernetinterfaces?location=template&template=SDWAN-Branch-Network&name=ethernet1/4' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "ethernet1/4", "layer3": { "dhcp-client": { "create-default-route": "yes", "default-route-metric": 10, "enable": "yes", "send-hostname": { "enable": "no", "hostname": "system-hostname" } }, "sdwan-link-settings": { "enable": "yes", "sdwan-interface-profile": "BroadBand-test" } } } }'- Configure a virtual SD-WAN interface.
The following is an example to configure a virtual SD-WAN interface.- Create a parent SD-WAN interface namedsdwan if
one doesn’t already exist.
The following example creates the parent interfacesdwan for templateSDWAN-Branch-Network.curl -X POST 'https://<Panorama>/restapi/v9.1/network/sdwanInterfaces?location=template&template=SDWAN-Branch-Network&name=sdwan' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "sdwan" } }'
- Create and configure an SD-WAN interface.
Specify one or more SD-WAN-capable Ethernet interfaces that have the same destination, for example directly to the Internet. The following example creates a virtual SD-WAN interface that has two Ethernet interfaces, including the Ethernet interface you configured earlier.curl -X POST 'https://<Panorama>/restapi/v9.1/network/sdwanInterfaces?location=template&template=SDWAN-Branch-Network&name=sdwan.1' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "sdwan.1", "interface": { "member": [ "ethernet1/3", "ethernet1/4" ] } } }' - Create and configure an SD-WAN interface.
- Import the Ethernet interface into a virtual system (vsys).
- Configure one or more physical interfaces.
