•  Welcome to SteelConnect Manager
  • Documentation and release notes
  • Contacting Riverbed
•  Introducing SteelConnect
  •  Overview
    • Key features
    • High-level architecture
    • Appliances
  • Browser support
  •  Network service architecture
    • Underlay
    • Overlay
  •  SD-WAN controller overview
    • What does the SD-WAN controller control?
  •  Secure overlay tunnels
    • Inbound and outbound tunnels
    • Secure tunnel keys
    • Deployment considerations
    • Key management, retrieval, and rotation
    • Key resiliency
•  Quick Start
  •  Getting started
    • Defining an organization
    • Designing a network
    • Adding shadow appliances
    • Establishing a security policy
    • Enabling appliances
    • Configuring remote employee access to the corporate LAN
    • Logging out
•  Configuring Zscaler
  •  Zscaler overview
    • Before you begin
  •  Integrating with Zscaler
    • API partner integration (recommended)
    • Manual Integration
    • Configuring VPN credentials (manual configuration only)
    • Setting traffic policies
    • Viewing Zscaler tunnels
    • Viewing the VPN ID
  • Troubleshooting Zscaler tunnels
•  Configuring Cloudi-Fi
  • Cloudi-Fi overview
  •  Configuring Cloudi-Fi
    • Basic steps
    • Selecting an active cloud
    • Configuring locations
    • Setting the Cloudi-Fi VPN credentials
    • Setting traffic policies
    • Viewing Cloudi-Fi tunnels
    • Viewing the VPN ID
  • Troubleshooting Cloudi-Fi
•  SteelConnect in the Cloud
  • Cloud overview
  • Including SteelHead WAN optimization with your cloud deployment
  •  Connecting to Amazon Web Services
    • Subscribing to Riverbed AWS products
    • Configuring your AWS accounts with SteelConnect Manager
    • Importing AWS networks
    • Deploying SteelConnect gateways to your AWS network
    • Configuring redundancy
    • Managing your AWS deployments
    • AWS Direct Connect
    • SteelConnect AWS transit VPC
  •  Connecting to Microsoft Azure
    • Subscribing to Riverbed Azure products
    • Configuring your Azure accounts with SteelConnect Manager
    • Importing Azure networks
    • Deploying SteelConnect gateways to your Azure network
    • Managing your Azure deployments
    • Microsoft Azure ExpressRoute
•  SteelConnect with Office 365
  •  Office 365 networking partner overview
    • SteelConnect integration
  • How SteelConnect steers Office 365 traffic
  •  Optimizing Office 365 traffic with SteelConnect
    • Integration using the Microsoft default settings (recommended)
    • Integration using custom path preferences
•  Checking System Health
  • System health overview
  • Getting a summary of system health
  • Checking network overlays
  • Checking overlay routes by site
  •  Checking tunnel health by tunnel
    • Tunnel Status tab
    • Path Quality tab
    • Destination Networks tab
  • Checking proxy tunnels
  •  Checking appliance BGP, OSPF, and FIB information
    • Fields in the BGP Neighbors area
    • Fields in the OSPF Enabled Appliances area
    • Appliance Forwarding Information Base area
  •  Checking uplinks
    • Internet or MPLS page details
  •  Checking zones and subnets
    • Zone Health page details
  •  Checking appliances
    • Appliance Health page details
    • Manageability section details
    • Resources section details
    • Hardware section details
    • Networking section details
•  Scheduling Firmware Upgrades
  • Upgrade overview
  • Tagging sites
  •  Configuring firmware upgrade schedules
    • Changing the default policy
    • Scheduling firmware upgrades
    • Postponing scheduled upgrades
    • Upgrading immediately
    • Deleting schedules
  • How can I tell if the appliance firmware is up to date?
•  Working with Organizations
  • Organization overview
  •  Defining an organization
    • Name/Location
    • Networking Defaults
    • Transit
    • Configuring transit hub routing
    • Social Media
    • Wi-Fi Manager
    • Numbering Pools
    • Maintenance
    • Data Retention
    • SNMP, Logging, System Dump, and NetFlow
    • Legal Disclaimer
    • Appliance Thresholds
    • Appliance Login
    • Global Subnet Discovery
•  Designing a Network
  •  Creating sites
    • Creating site tags
  •  Zones within a site
    • Assigning a gateway to a zone
    • Assigning more than one gateway to a zone
    • Forwarding DHCP/BOOTP requests to a DHCP server on a remote network
    • Creating a third-party zone
    • Integrating a third-party router/gateway into a zone
    • Turning off outbound NAT
    • Adding zone details
    • Zone settings
  • xLAN settings
  •  DNS settings
    • DNS routing
  •  RADIUS authentication
    • Forwarding inbound internet traffic to a remote server
  •  Creating a WAN
    • WAN settings
  •  Creating uplinks
    • Selecting an uplink priority
    • Turning off AutoVPN for an uplink
    • Turning off AutoVPN for an uplink
    • Setting the IPv4 address for remote sites
    • Viewing uplink status
  •  Configuring a direct alternate hub
    • Alternate hub requirements
•  Data Center Gateway Clusters
  • Adding gateways to the data center
  •  Topologies
    • Data center cluster with SteelHead Interceptors
    • Data center cluster performing traffic redirection
    • Data center cluster with a single SDI-5030 gateway
    • Data center cluster characteristics
    • Cluster components
    • Attracting branch traffic toward data center gateways
  •  Creating clusters
    • Configuring ports
  • Creating data center uplinks
  • Creating interfaces
  •  Why enable dynamic routing for a cluster?
    • Forwarding packets from the branch to the data center gateway
    • Forwarding packets from the data center gateway to the branch
    • Forwarding inner connections to the data center
    • Configuring BGP settings
    • Special consideration for iBGP and eBGP deployments
    • Advertising the default route in IGP in the data center for internet uplinks
  •  Viewing cluster health
    • Deleting a cluster
    • Viewing cluster status events
  •  Upgrading a data center cluster
    • Prerequisites
    • How does SteelConnect allocate resources within a cluster?
  • Definition of Last Error codes
  • Splitting a data center into two sites
  •  Configuring dual hubs and multi-hubs
    • Dual-hub deployment
    • Multi-hub deployment
    • Configuring dual hubs and shared services hubs
•  Integrating a SteelHead Interceptor with a Data Center Gateway
  • Interceptor overview
  •  Changing the default gateway configuration
    • Why is the Gateway Cluster tab dimmed?
•  Connecting a Topology Using VPN
  •  Setting up site-to-site VPN
    • AutoVPN modes
    • AutoVPN leaf mode
    • Deployment example - AutoVPN between gateways
  •  Connecting to a third-party VPN
    • Classic VPN use cases
•  Enabling Branch Routing
  • Dynamic routing overview
  •  Why enable dynamic routing?
    • Benefits of dynamic routing with OSPF
    • Benefits of dynamic routing with eBGP
    • CE and PE routers
  •  BGP
    • BGP modes
  •  Branch dynamic routing topologies with eBGP
    • Enabling BGP on a branch gateway
    • Creating an eBGP neighbor
    • Enabling eBGP on static IP uplinks
    • Viewing eBGP learned and advertised routes
  •  OSPF
    • OSPF topology
  •  Configuring OSPF routing
    • Prerequisites
    • Viewing learned routes
    • Viewing OSPF neighbor activity
    • How does an OSPF zone interact with traffic rules in SCM?
  • Redistributing underlay routing
  •  Routing policy overview
    • Redistributing routes
    • Summarizing routes
    • Injecting a default route
    • Defining a routing policy
    • Summarizing LAN routes via eBGP
    • ASBR routing options
  •  Defining static routing
    • Static route interactions
•  Configuring High Availability
  •  HA overview
    • SteelConnect gateway model physical appliances
  • Branch high availability overview
  •  How does branch high availability work?
    • Which gateway models support high availability?
    • HA features
    • Prerequisites
    • How do I configure an HA pair?
    • Monitoring a high-availability pair
  • Data center high availability overview
  • Data center redundancy
  •  How does data center high availability work?
    • eBGP and high availability
    • Which models support data center high availability?
•  Using Applications
  •  Application overview
    • Application groups
  • Application catalog
  • Custom applications
  •  Traffic flow classification
    • Traffic flow classification for firewalled connections
    • Traffic flow classification for custom applications
•  Enabling Security Using Rules
  • How do inbound and outbound rules work?
  •  Policy controls
    • Outbound and internal rules
    • Configuring external to internal port forwarding on a SteelConnect gateway
    • Inbound rule examples
•  Managing User Identities
  •  Identifying and adding users
    • Adding users
  • Creating user groups
•  Viewing Insights Reports
  • SteelCentral Insights for SteelConnect overview
  • Getting started
  • Launching Insights reports from SCM
•  Connecting a SteelHead with a Gateway
  •  SteelHead compatibility
    • The SteelHead gateway connection
  •  Enabling SteelHead compatibility on the gateway automatically
    • Viewing SteelHead connections
•  Accelerating SaaS Traffic
  •  About SaaS Accelerator
    • Supported SaaS applications
    • SaaS Accelerator licensing
  • Service cluster limits
  • SaaS Accelerator connection and user definition
  • Compatibility with SteelHead models
  •  Configuring SaaS acceleration
    • Before you begin
    • Licensing the SCM for SaaS acceleration
    • Configuring SSL optimization
    • Configuring SaaS applications for acceleration
    • Configuring SaaS acceleration on the client-side SteelHead
    • Configuring SaaS acceleration on SteelHead Mobile
    • Controlling appliance access
    • Resizing a SaaS service cluster
    • Deleting appliances from the SCM
  •  Monitoring SaaS Acceleration
    • Monitoring AppUnit usage
    • Monitoring SaaS connections
    • Monitoring SaaS data usage
    • Monitoring data reduction for accelerated SaaS traffic
    • Monitoring certificate signing activity
    • Monitoring SaaS service cluster status
•  Defining Traffic Rules
  •  Directing traffic using traffic rules
    • Intelligent traffic steering and traffic flow distribution
  •  Configuring path quality-based path selection
    • Path quality profiles
    • QoS priority
    • Editing traffic rules
    • Deleting traffic rules
  • Traffic policy example
  •  Viewing traffic paths
    • Monitoring path quality
•  Configuring QoS for Branch Gateways
  •  Configuring QoS
    • How does QoS for gateways work?
  • Enabling QoS on uplinks
•  Managing Appliances
  •  Viewing SteelConnect appliances
    • Viewing appliance details
    • Appliance date and time
    • Viewing gateways
    • Wi-Fi
    • STP
    • AutoVPN
  • Adding shadow appliances
  •  Registering appliances
    • Gateway provisioning
  • Exporting NetFlow data
  • Monitoring the appliance CPU temperature
•  SteelConnect Ports
  •  Port overview
    • Port settings and status
  •  Setting the port mode
    • Configuring the uplink mode
    • Configuring a singlezone port
    • Configuring a multizone port
  •  Enabling port-based network access control
    • What is the gateway’s role in the authentication process?
•  Managing Devices
  •  Viewing devices
    • Viewing registered devices
    • Viewing unregistered devices
    • Viewing device details
•  Covering a Network with Wi-Fi
  •  How do I plan and broadcast Wi-Fi?
    • What is an SSID?
  •  Portals
    • Registering guest devices using social media without XMS-Cloud
    • Planning Wi-Fi wireless radio coverage
•  Monitoring and Troubleshooting
  • Viewing network topology
  • Viewing tunnel status
  • Viewing site and appliance status
  •  Monitoring tools
    • Local monitoring tools
    • Export data to remote servers
    • Systemwide visibility
    • Flow-based visibility with log integration
  • Troubleshooting tools
  •  Troubleshooting common questions
    • How do I find out where traffic is going when it leaves the gateway?
    • How do I determine what influences the path?
    • How do I verify the traffic path?
    • How can I isolate the problem when the SteelHead SD is unable to communicate with SCM?
    • Where can I see a list of tunnels?
    • How can I verify the underlay routing for a brownfield transit deployment?
    • How do I check the status of a high availability pair?
    • How do I view the routing table entries?
  •  Monitoring with SNMP, syslog, and NetFlow
    • SNMP
    • Syslog
    • NetFlow
  •  System dump collection and management
    • System dump
  •  Troubleshooting command
    • Export troubleshooting logs
  •  Show Path tool
    • Show path output
    • Show path output limitations
  • Connectivity tests
  • Packet capture
  • Echo test
  • Support package
  • Appliance configuration
  • Provisioning
  • Zscaler
  • Multiple DNS servers for a site
  • Uplink subnet mask format
  • VPN
  • Wi-Fi
  • Access points
  • Recovery mode
•  Using Syslog
  •  Syslog overview
    • Local logging versus remote logging
  • Exporting syslog messages to a remote syslog server
  • Remote message format
  •  Remote and local syslog message priorities
    • Local system log storage capacity
  •  Remote syslog messages
    • Appliance-specific syslog messages
    • Routing virtual machine (RVM) remote syslog messages
  •  Remote log server Rsyslog version recommendations
    • Sample remote server configuration
•  Using the CLI on SteelConnect and SteelHead SD
  •  Using the CLI on SteelHead SD appliances
    • Connecting to the SteelHead SD CLI
  •  Using the CLI on SteelConnect gateways
    • Connecting to the SteelConnect gateway CLI
    • SteelConnect gateway commands
•  Network Visibility
  • Viewing a traffic timeline
  • Viewing the event log
•  SteelConnect REST API
  • REST API Overview
  • Accessing the API
  • Authenticating API requests
  • Viewing documentation for an object
  • Supported appliance types
•  SteelConnect Connection Ports
  •  Ports for UDP, TCP, and ICMP connections
    • Outbound connections
    • Inbound/outbound connections
    • Tunneled SSH client connections
•  Administering a Realm
  • Realm overview
  • Managing the firmware upgrade process
  •  Setting security and enabling the REST API
    • Password policy
    • Automatic expiration of active user sessions
    • Enabling support access
    • Enabling REST API
    • Enabling two-factor authentication
  •  Enabling SNMP reporting and logging
    • Enabling SNMP and adding SNMP servers
    • Adding SNMP user profiles
  •  Exporting syslog messages
    • You can also export syslog messages to a local enterprise collector.
  • Exporting NetFlow data
  • Integrating third-party services or SMS providers
  • Adding a legal disclaimer
  •  Using realm menus
    • Organizations
    • Admins
    • Creating an administrator
    • Overriding organization settings
  •  Assigning roles to an administrator
    • Predefined roles
    • Creating and editing a new role
  • Viewing a list of appliances in organizations
•  SteelConnect SNMP Traps
  •  SNMP traps
    • IF-MIB traps supported
    • SNMPv2-MIB traps supported
•  SteelConnect Topologies
  • Supported topologies
  •  Branch topologies
    • Single router using NAT to the internet
    • Single router to an MPLS network
    • Two routers active-backup
    • Two routers active-active
    • Dual MPLS
  • Data center topologies
  •  Topology options
    • Local internet breakout or backhaul
    • Connect cloud services

SteelConnect™ Manager User Guide

SteelConnect Topologies