An enterprise operates dozens of branch offices and wants to keep the same intrusion-detection policy on every WAN edge device. Which SD-WAN capability lets administrators meet this requirement without manually touching each individual site?
Manual per-site router configuration using SSH and CLI scripts
Relying on autonomous system numbers in BGP to synchronize security policies
Centralized policy orchestration through an SD-WAN controller
Uploading configuration files via TFTP to each branch gateway on a schedule
Software-defined WAN separates the control plane from the data plane and introduces a centralized controller (or orchestrator). Administrators define security and detection policies once on the controller, which then distributes the resulting configuration to every SD-WAN edge. This centralized orchestration greatly reduces human error and configuration drift. Manual CLI sessions, scheduled TFTP uploads, or BGP AS numbering do not provide a single point for consistently enforcing detection logic across all branches.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SD-WAN and how does it work?
Open an interactive chat with Bash
What are the benefits of centralized orchestration in SD-WAN?
Open an interactive chat with Bash
What are common risks of manual WAN configuration?