
Introduction to SD-WAN

Connecting Sites and Remote Workers Using Crystal Eye XDRs SD-WAN Tech Stack


Crystal Eye XDRs SD-WAN offers the capability to connect multiple sites and create a VPN mesh architecture using IPsec VPN or WireGuard VPN. In addition, it provides a robust VPN platform for remote access users, creating an SSL VPN tunnel between a site and a single user end-point device such as a laptop, desktop, phone or tablet.

The IPsec VPN application has elaborate features that allow users to create custom IPsec VPN policies. These IPsec policies play a vital role in outlining specific recommendations and best practices for securing the IPsec VPN connections.

The configured encryption methodology allows the IPsec tunnel to provide security functions such as ‘privacy’. Other security functions offered by CE XDR’s IPsec VPN provide the required integrity of the content through data authentication. It is imperative to configure strong cryptography on the IPsec VPN connection so that the tunnel is not put at risk and data confidentiality is not lost.

The SSL VPN application of the CE XDR is used to create Remote-access VPN connections in full tunnel mode and split-tunnel mode. CE XDR’s SSL VPN application essentially allows users to connect to a remote network behind the CE XDR with the help of secured SSL based connections. The Crystal Eye XDR provides cutting edge technology ensuring smooth connectivity over a VPN network.

The WireGuard application is a modern VPN solution (as compared to SSL VPN) and it utilizes inbuilt state-of-the-art cryptography. Crystal Eye XDR offers the capability to implement site-to-site VPN allowing users to connect to resources placed in multiple sites. The app can be switched to both split-tunnel mode and full tunnel mode to create a secure tunnel between multiple sites.

Crystal Eye SD-WAN Monitoring

As businesses rapidly embrace digital transformation, managing and securing a complex, distributed network infrastructure has become increasingly difficult. Organizations today rely heavily on Virtual Private Networks (VPNs) and Software-Defined Wide Area Networks (SD-WAN) to connect remote offices, hybrid workers, and cloud environments. While these technologies provide flexibility, they also introduce visibility challenges, performance uncertainties, and incident response delays.

Crystal Eye addresses these modern pain points with a fully integrated SD-WAN Monitoring application. Built to track the health of VPN connections using IPSec and WireGuard protocols, this application empowers network administrators with the tools to proactively detect disruptions, maintain service-level agreements (SLAs), and streamline incident management.

What Crystal Eye SD-WAN Monitoring Tool Solves?

The core challenge with most enterprise VPNs is the lack of centralized, real-time monitoring. Admins often find themselves blind to tunnel degradation, jitter, packet loss, or outages until end users report them. The Crystal Eye SD-WAN Monitoring solution solves this by continuously monitoring tunnel endpoints and alerting admins the moment SLA thresholds are breached.

Key problems addressed include:

Inability to visualize VPN performance trends over time.

Manual, reactive incident handling.

Lack of SLA enforcement on critical remote connections.

Fragmented alerting mechanisms.

No integrated reporting to track compliance or performance.

The SD-WAN Monitoring application solves this with real-time graphs, configurable profiles, and intelligent alerting that integrates into the Crystal Eye Security Operations Centre (CESOC).

Step-by-Step Guide to Using Crystal Eye SD-WAN Monitoring

Step 1: Accessing the Monitoring Tool

To begin monitoring VPN health:

Log in to the Crystal Eye interface with administrator credentials.

Navigate to the menu: Network Control > Network Diagnostic Tool.

Click on the SD-WAN Monitoring tab.

This tab will present two main components: SD-WAN Profiles and SD-WAN Performance.

Step 2: Creating a New SD-WAN Profile

A profile defines the monitoring parameters for a specific VPN tunnel. To create one:

Click the Add Profile button.

Provide a name and description.

Choose the SD-WAN Type: either IPSec or WireGuard.

Select the appropriate VPN tunnel name from the dropdown list.

Set the Probe Type (currently only ICMP is supported).

Define the IP addresses to probe; these should be part of the remote LAN or allowed subnets.

Enter the email addresses for alert recipients in the "Mailto" field.

Configure SLA thresholds:

Down Time: Maximum allowable time without a response (e.g., 30 seconds).

Delay High/Low: Acceptable latency boundaries (e.g., 450ms high / 400ms low).

Packet Loss High/Low: Acceptable packet loss percentage (e.g., 30% / 20%).

Polling Interval: Frequency of probe checks (e.g., every 20 seconds).

Save the profile to activate monitoring.

Step 3: Monitoring Performance in Real Time

Once profiles are added, the "SD-WAN Performance" section displays a timeline graph for each profile. These graphs reflect delay, loss, and downtime parameters over time. The performance graph uses a color-coded system:

Green indicates SLA compliance.

Yellow warns that metrics are nearing violation thresholds.

Red signifies that SLA violations have occurred.

The system aggregates the data for each profile, enabling users to visually analyze the health trends of their VPN tunnels.

Step 4: Alerting and Notifications

Crystal Eye SD-WAN Monitoring features an automated alerting mechanism for SLA violations. Three types of alerts are available:

Down Alerts: Triggered when no replies are received within the configured threshold.

Delay Alerts: Activated when latency exceeds the high threshold and deactivated when it falls below the low threshold.

Loss Alerts: Sent when packet loss crosses the upper limit and cleared when it drops below the lower limit.
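
The raise/clear behaviour of the three alert types, sketched as an added example (not Crystal Eye's own code). The threshold values are the examples from Step 2; the `evaluate` function, the 10-probe rolling window used for loss, and counting silence in whole polling intervals are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Thresholds:
    # Example values from the Step 2 profile description.
    down_time_s: int = 30
    delay_high_ms: float = 450
    delay_low_ms: float = 400
    loss_high_pct: float = 30
    loss_low_pct: float = 20
    interval_s: int = 20

def evaluate(samples, th=Thresholds(), window=10):
    """samples: one ICMP round-trip time in ms per poll, None = no reply.
    Returns the alert transitions as (poll_index, event) tuples."""
    events = []
    active = {"down": False, "delay": False, "loss": False}
    silent_s = 0          # seconds since the last reply (assumed: whole intervals)
    recent = []           # rolling window of probes for the loss percentage
    for i, rtt in enumerate(samples):
        recent = (recent + [rtt])[-window:]
        silent_s = 0 if rtt is not None else silent_s + th.interval_s
        loss = 100 * recent.count(None) / len(recent)
        # Each alert has a raise condition and a separate clear condition.
        # Delay and loss use the high/low pair, so a value hovering between
        # the two thresholds neither raises nor clears (hysteresis).
        checks = {
            "down": (silent_s >= th.down_time_s, rtt is not None),
            "delay": (rtt is not None and rtt > th.delay_high_ms,
                      rtt is not None and rtt < th.delay_low_ms),
            "loss": (loss > th.loss_high_pct, loss < th.loss_low_pct),
        }
        for name, (raise_it, clear_it) in checks.items():
            if not active[name] and raise_it:
                active[name] = True
                events.append((i, name + "_raised"))
            elif active[name] and clear_it:
                active[name] = False
                events.append((i, name + "_cleared"))
    return events

if __name__ == "__main__":
    # Constructed probe series: latency spike, then a four-poll outage.
    print(evaluate([380, 460, 430, 420, 390, 410]))
    print(evaluate([100] * 6 + [None] * 4 + [100] * 9))
```

In the first series the 430 ms and 420 ms samples sit between the low and high thresholds, so the delay alert stays active until latency drops below 400 ms; without the low threshold, the alert would flap on every sample near 450 ms.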

These alerts are sent to CESOC and to the email addresses configured per profile. Alerts are grouped to prevent flooding and can be configured to repeat at specific intervals (default every 5 minutes, up to 10 times).

Step 5: Accessing Reports and Logs

Reports are profile-based and accessible directly from the interface. They display the SLA metrics over time and help administrators track trends or recurring issues.

Data is stored for 90 days.

A daily cleanup job ensures older data is purged.

Alerts are stored in JSON format at: /var/crystaleye/network_diagnostic_tool/sdwan_alerts.json.

Application logs are maintained in /var/log/sd-wan-monitor.log with rotation and compression enabled.

Security and Compliance Considerations

The application aligns with Red Piranha’s Secure Software Development and Acquisition Lifecycle (SSDAL) standards. It incorporates:

Role-based access control (Admin/root access only).

Secure data retention policies.

Logging for all SLA violations and administrative actions.

High Availability support via configuration sync between primary and secondary CE units.

Crystal Eye’s SD-WAN Monitoring is not just a diagnostic utility; it is a proactive SLA assurance platform. By providing deep visibility into VPN health, automated alerting, and integrated reporting, this application enables IT and network teams to reduce downtime, ensure compliance, and maintain seamless business operations.

Read about IPsec VPN application

Read about SSL VPN application

Read about Wireguard application