Purpose - To view SSE Features in Concerto
Steps to be Followed ->
1. In order to view SSE tabs in Concerto, the director needs to have a different license called "cloud_security".
2. If you have only 1 Tenant (Parent Tenant), SSE features will not be visible under this Tenant by design. As you can see from below, Parent Tenant is Mitsubishi, and it does not have SSE feature to be enabled. Only SD-WAN feature will be default selected.
3. You would need to deploy a New Tenant (Sub-Tenant) and parent tenant should be selected mandatorily. As you can see from Below Only Sub-tenant will have SSE options
Note -
a. You can add Sub-Tenant Either in Director OR in Concerto. If you add in Director, Use Discover option in concerto to pull the newly created Sub-Tenant data. If created via Director, the Sub-Tenant will have only SD-WAN features. Once Discovered, edit the newly created Sub-Tenant to include SSE services. However, we will not be able to deploy in Concerto without completing steps 4.5 and 6.
b. If you want to deploy Sub-Tenant with SSE services via Concerto, we cannot deploy the tenant, without completing steps 4,5 and 6. (Workaround - Deploy sub-tenant in concerto with SD-WAN features enabled and complete steps 4, 5 and 6. Once completed, edit the tenant to include SSE and discard SD_WAN if not needed and publish.)
4. Once sub-tenant is deployed add any type of device (Full-Mesh/Hub/Hub-Controller) with device type as "Cloud Security" so that the device acts as SSE gateway. As of now we cannot deploy the Gateway in Concerto Directly. We need to use Director to Deploy.
Note -
a. If the Gateway is deployed as Full-Mesh, by default it will be tagged to Default-Region. You can change this in Concerto by making to Tenant->Deploy->Regions and add to required region as desired.
b. If the Gateway is deployed as Hub/HCN then we need to add region in Director Mandatorily and same information will be carried to Concerto.
5. Deploy the device and perform "appliance discovery" at the tenant level so that the added device gets synced to Concerto.
Note - Device Deploy is Mandatory, if not, we will not be able to see the Device under "Available Regions" for Step 6.
6. Once step 4 and 5 are completed. Edit the tenant in Concerto to include SSE services. Fill the required Usage type, Tenant Product and at the Select Region, you will need to select the Gateways (Without performing Step 4 and 5, the Gateway will not be visible in Concerto Regions.) Select the Gateway and add required address-pool for the clients.
7. Post the above steps, you will be able to see the SSE tabs in Concerto.
8. You will need to add the required Sase Configuration under the GW in Director.