Explain ZTP onboarding flow in SD-WAN.

Zero-touch provisioning is the automatic onboarding of SD-WAN edge devices without manual setup. In this flow, when a new edge boots, it reaches a bootstrap server to start its enrollment. It authenticates itself using a certificate-based method or a pre-shared key that was embedded in the device during manufacturing. Once trusted, the bootstrap server provides the initial minimal configuration and points the device toward the central orchestrator for the rest of the setup. The edge then downloads configuration templates and site policies, checks whether a firmware upgrade is needed and applies it if required, and finally activates the SD-WAN tunnels so traffic can start flowing immediately. After joining, the device registers with the management plane and retrieves the final, site-specific configuration. This approach contrasts with manual provisioning, where someone must physically configure the device after it arrives, or with scenarios where onboarding is optional or the device runs in a default mode without automatic tunnel activation. ZTP ensures rapid, scalable deployment with consistent, policy-driven configurations and automatic tunnel establishment.