Which SD-WAN component authenticates WAN Edge devices before they join the overlay fabric?

The key thing being tested is how a WAN Edge device is brought into the SD-WAN overlay securely. In Cisco SD-WAN, the vBond orchestrator handles the initial authentication and authorization of WAN Edge devices before they join the fabric. When a edge device boots, it contacts vBond and presents its identity (certificates/credentials). vBond verifies that identity, ensures the device is allowed to participate, and then directs the edge to the appropriate controllers (like vSmart) and provides the necessary reachability information. This creates a trusted foundation so the edge can establish secure control-plane tunnels into the overlay fabric and begin exchanging policies and routing information. vManage is the management UI used to configure devices and monitor the fabric, but it does not authenticate edges as they join. vSmart handles policy distribution and routing once devices are in the fabric. FMC is not part of the SD-WAN overlay authentication process; it’s a separate security management tool. So the component responsible for authenticating WAN Edge devices before they join is vBond.