HP Aruba EdgeConnect (formerly Silver Peak) SD-WAN

Details

  • Support: Level 1

Security Manager retrieves configurations for devices managed under an EdgeConnect SD-WAN. To add this device and its managed devices, complete the procedure below.

Step 1: Configure the Device

FireMon strives to provide up-to-date product information, however we are not always aware when vendors change their device UI. If any Configure the Device procedure differs from your device version (UI location of fields, not information needed), please consult your device's user guide.

  1. Create a user account with Read-Write access.

    1. Log in to the Aruba device dashboard with an account that has permission to add a new user.

    2. Click the Orchestrator tab > User Management, and click Add.

    3. Enter user information in the Add User dialog box; selecting a Role of at least Read-Write, and then click Add.

  2. This device requires an API setting to be changed from the default for retrieval. Updating this setting from the Orchestrator console may not have any effect; the API method is more reliable.

    1. Click Support > User Documentation > REST APIs.

    2. Scroll down to and expand section securitySettings : Security Settings.

    3. Expand the GET operation, click Try it out!. This will show a response body.

    4. Expand the POST operation.

    5. Copy the entire Response Body text from the GET section into the Value box under POST.

    6. Verify that enforceCSRFCheck is set to false, and then click Try it out!.

      • A Response Code of 204 is verification that the settings updated correctly.

      • If the CSRF token is not disabled (set to false) then retrieval will fail.

Step 2: Onboard the Device in the Administration Module

  1. On the toolbar, click Device > Management Stations.
  1. Click Create, and then click Aruba > EdgeConnect SD-WAN.
  1. General Properties section.

To prevent errors in device group-level device maps and incorrect reporting data, all devices added in Administration must have unique IP addresses. If devices with duplicate IP addresses must be added within a domain, it is strongly recommended that those devices be separated into discrete device groups, where no duplicate IP addresses are included in the same device group. Devices with duplicate IP addresses will cause errors in the All Devices device map, and may cause incorrect data in reports, even if they are in discrete device groups.

  1. In the Name box, type the name of the device as you want to see it in SIP.
  2. In the Description box, type an optional description of the device being added.
  3. In the Management IP Address box, type the IP address of the device.
  4. In the Data Collector Group box, select the IP address of the data collector group that will collect data from this device.
  5. In the Central Syslog Server box, select the syslog server from the list (optional).

Syslog fields are optional if the device uses the same IP for syslog and management.
A central syslog server is required only if syslog messages come from a different IP. A central syslog server must be created before it can be assigned to a device. To track usage via syslog, the device must support Level 3+.

  1. In the Syslog Match Names box, type the syslog match names (optional). You can enter multiple names separated by a comma.
  2. By default, the Automatically Retrieve Configuration check box is selected.
  3. In the External ID box, type a unique identifier to be used when the device identifier is different than what is displayed in SIP.
  1. For Collection Configuration, enable Update Rule Documentation on Member Devices to allow Rule Documentation fields on member devices to inherit a value from the management station. Any management stations Rule Documentation field updates will override updates on the member device. A rule marked to be removed will not be updated. Default is what is set on the installed device pack.
  1. Device Settings section.

Credentials

  1. In the User Name box, type the user name used for the administrator account.
  2. In the Password box, type the password used for the administrator account.
  3. In the Re-enter Password box, retype the password entered above.

Retrieval

  • By default, the REST API Port is 443.
  • The Hostname or IP Address is either the FQDN or IP address of the device.
  1. Click Save.
    Devices being managed will be listed in the Discovered Devices section.