Traffic encryption on a CPE device

If traffic encryption is enabled on a CPE device, encrypted traffic is transmitted through all links established with its participation. The exception is cases when you enable traffic encryption on the device, but disable it on an individual link.

You can enable or disable traffic encryption on an individual CPE device or on all devices that use the CPE template. By default, traffic encryption is disabled.

To enable or disable traffic encryption on an individual CPE device:

1. In the menu, go to the SD-WAN section.

   By default, the CPE subsection is displayed with a table of CPE devices.

2. Click the CPE device.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tunnel encryption tab.

   The traffic encryption policy is displayed.

4. Select the Override check box to ignore the applied CPE template and make the settings in the selected tab editable. This check box is cleared by default.
5. In the Default encryption policy drop-down list, select Enabled or Disabled.
6. In the upper part of the settings area, click Save to save the configuration of the CPE device.

To enable or disable traffic encryption on all devices that use a CPE template:

1. In the menu, go to the SD-WAN → CPE templates subsection.

   A table of CPE templates is displayed.

2. Click the CPE template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

3. Select the Tunnel encryption tab.

   The traffic encryption policy is displayed.

4. In the Default encryption policy drop-down list, select Enabled or Disabled.
5. In the upper part of the settings area, click Save to save the configuration of the CPE template.

Page top