WFilter’s SD-WAN service is an integration of the ZeroTier networking. With SD-WAN, you are able to build secure site-to-site VPN tunnels without needing a static public IP address.  This guide will show you the necessary steps using WFilter NGF.

1. Network topology

As shown in the above topology diagram, headquarter and two branches all use WFilter NGF as gateway. By adding each gateway into the SD-WAN network, you will be able to setup secure site-to-site VPN tunnels.

2. SD-WAN subnet settings

First setup a SD-WAN network in the WFilter cloud service.

3. Join every WFilter into the SD-WAN network

4. Assign SD-WAN ip and setup routing

Assign static SD-WAN ip addresses to every WFilter, for example: WFilter A(10.200.188.1), WFilter B(10.200.188.2), WFilter C(10.200.188.3). Then you can setup SD-WAN routing policy to forward LAN traffic.

After the above setups, each local area network can directly access each other. To restrict access, you also can setup firewall rules in WFilter’s firewall->Rules.

1. Register on the Wfilter cloud service

2. Configure the endpoint WFilter to join the cloud service

As shown in the figure below, record the cloud service network ID, and setup SD-WAN to join this network in the SD-WAN of the WFilter. In the Wfilter cloud service, copy sdwan network ID.

In Wfilter web-UI, join cloud network.

3. Add WFilter client in the cloud platform

The third step is to add the Wfilter client device in the cloud platform. As shown in the figure below, add client’s SD-WAN secret in “Devices” in the cloud platform.

After the above steps, you are able to manage the added Wfilter clients in the Wfilter cloud service, including:

• View device address, system version, IP address, and alert information
• Synchronize configurations in different Wfilter devices
• Access the management interface via Internet