Create SD-WAN device groups for your hubs and branches.
Create device groups, one for your hubs and
one for your branches, containing all the policy rules and configuration
objects for your SD-WAN hubs and branches. After you create the
device groups for your hubs and branches, you must create a Security policy
rule in each device group allowing traffic between the hub and branch
zones. Creating these Security policy rules ensures that traffic
between the SD-WAN device zones is allowed when the SD-WAN plugin
creates the VPN tunnels after you
create a VPN cluster.
Configure identical configurations across
your hub firewalls and an identical configuration across your branch
firewalls. This greatly reduces the operational overhead of having
to manage the configurations of multiple SD-WAN hubs and branches,
and allows you to troubleshoot, isolate, update configuration issues much
more rapidly.