> ## Documentation Index
> Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Connectivity and SD-WAN

> Plan and operate Altostrat SDX connectivity services, including WAN failover, managed VPN, and captive portals.

Altostrat SDX gives you a managed connectivity plane for MikroTik-based sites. You use it to keep branches online, connect sites and users privately, and control guest access without turning every router into a one-off project.

This section focuses on the operator workflow: what you configure in the portal, what SDX pushes to the device, and where you monitor the result.

```mermaid theme={null}
flowchart LR
  Site["Managed site"] --> Failover["WAN failover"]
  Site --> Portal["Captive portal"]
  Site --> Mgmt["Management VPN"]
  Site --> Vpn["Managed VPN peer"]
  Failover --> Faults["Faults and workflow events"]
  Portal --> Users["Guest sessions and coupons"]
  Vpn --> Private["Private site and user access"]
  Mgmt --> Ops["Monitoring, jobs, and transient access"]
```

## Connectivity Services

<CardGroup cols={3}>
  <Card title="WAN failover" icon="route">
    Define up to four WAN links for a site, rank them by priority, and monitor link health with latency, packet loss, jitter, and traffic data.
  </Card>

  <Card title="Managed VPN" icon="network">
    Provision a cloud VPN instance and attach site peers or user peers with OpenVPN or WireGuard, depending on the peer type and use case.
  </Card>

  <Card title="Captive portals" icon="wifi">
    Create branded guest access experiences that authenticate users with OAuth2 identity providers or coupon codes.
  </Card>
</CardGroup>

## How The Pieces Fit

Connectivity features are built on the same SDX operating model:

* The portal stores the desired state for each service.
* SDX validates the configuration against the site, workspace, and service rules.
* Device changes are delivered through the job plane, so the router fetches work through its outbound management connection.
* Faults, telemetry, and workflow events close the loop after the change is live.

That model matters operationally. You can review state in the portal, follow job progress, and build workflows around connectivity events instead of relying on someone to notice a local router configuration drift.

## Where To Start

<CardGroup cols={2}>
  <Card title="Configure WAN failover" icon="route" href="./wan-failover" arrow="true">
    Add WAN links, set priority, and understand how SDX reports link faults.
  </Card>

  <Card title="Plan a managed VPN" icon="lock-keyhole" href="./managed-vpn/introduction" arrow="true">
    Learn the instance and peer model before connecting sites or users.
  </Card>

  <Card title="Build a captive portal" icon="ticket" href="./captive-portals/introduction" arrow="true">
    Choose OAuth2 or coupon authentication for guest access.
  </Card>

  <Card title="Review platform endpoints" icon="server" href="../resources/trusted-ips" arrow="true">
    Check the outbound destinations your firewalls must allow for SDX services.
  </Card>
</CardGroup>