Prisma SD-WAN Administrator’s Guide
  • Prisma SD-WAN Administrator’s Guide
  • Prisma SD-WAN Documentation
  • All Documentation
>
Configure a Cellular Software Bypass Pair
Focus
Download PDF
Focus
  1. Home
  2. Prisma SD-WAN
  3. Prisma SD-WAN Sites and Devices
  4. Prisma SD-WAN Ports and Interfaces
  5. Bypass Pair
  6. Configure a Cellular Software Bypass Pair
Download PDF
Prisma SD-WAN

Configure a Cellular Software Bypass Pair

Table of Contents
Let us learn how to configure a cellular software bypass pair.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Prisma SD-WAN license
Software cellular bypass creates a software bridge between the ethernet and cellular interfaces of an ION device. To support cellular WAN links in a high availability (HA) configuration, configure a software cellular bypass pair with a cellular link as one interface and an ethernet link as another interface. When both the links are active, the active ION device employs a path selection algorithm to select the best path.
In an HA topology, when the WAN link attached to the active device fails, the active device can continue to route traffic over the WAN link attached to the backup device. If one of the ION devices fails, the other device can take over routing of the traffic between LANs and to/from the WANs.
  1. Select WorkflowsDevicesClaimed Devices, select the device you want to configure.
  2. Select Interfaces.
  3. Select a port.
  4. On the Main Configuration > General settings, add Tags.
  5. For Admin Up, select Yes.
    When you create a bypass pair, both the ports are up. When you bring down the bypass pair, both ports will be set to down. After that you have to bring up the ports individually. For security reasons, bringing up the individual port of the bypass pair is necessary. Failing to do so, the individual ports of the bypass pair will remain down and may impact the software upgrade process.
  6. Optional Enter a Description.
  7. In Network Settings, enter the following information:
    1. Select Bypass Pair as the Interface Type
    2. For Use These Port For, select either Internet, or Private WAN.
    3. For Pair With, choose a pairing port to create a bypass pair and then click Done.
      Set one port as WAN and the second as LAN on the Couple Ports to create a Bypass Pair pop-up. For cellular bypass pairs, the cellular interface is always WAN and the peer is always LAN.
    4. Choose a Circuit Label.
      The circuit label for the cellular interface should match the circuit label for the peer device’s directly attached cellular interface.
    5. The IPv4 Configuration is auto-negotiated for the Cellular bypass.
    6. Select the Scope of the port.
    7. Select IPFIX Collector and IPFIX Filter for the port.
  8. Configure the Cellular WAN interface as an internet transit zone in the NAT Zone configuration.
  9. Configure the Advanced Settings by entering the following information:
    1. Disable IoT SNMP Discovery Source Interface
    2. Security Group Info is disabled.
    3. Enter Host Name and MAC address.
    4. Enter External Nat Address (IPv4) and the Port (IPv4) number.
    5. Enter the IP MTU range. The range for IPv4 is 552 to 1500 and for IPv6 is 1280 to 1500.
    6. Select Physical settings.
  10. Save the bypass pair.

Configure WAN (Peer) Interfaces

In an HA configuration, the initial step is to configure a cellular bypass pair and configure a WAN port on each ION device. The next step is to mirror the WAN configuration on the connected WAN port of the other ION device.
The ION devices operate in an active/backup configuration, and through fail-to-wire functionality, the active ION device constantly maintains complete control and utilizes the full capacity of all the WAN circuits. As a result, you need to configure WAN circuits on both the ION devices.
  1. Select WorkflowsDevicesClaimed Devices, select the device you want to configure.
  2. Select Interfaces.
  3. Select a port.
  4. For Admin Up, select Yes.
  5. Select Internet or WAN for Use this ports for.
  6. Select Cellular in Peer Bypass Pair Wan Port Type to use the cellular bypass pair in a HA topology.
    This field is used in an HA environment to inherit cellular configuration on an Ethernet port using the peer bypass pair for the cellular traffic.
    When creating a Cellular 5G/LTE + Ethernet software bypass, the LAN interface in a bypass pair should be directly connected to the Ethernet port on the other ION device, which will terminate the VPNs built over the cellular circuit.
  7. Specify the APN profile for the Cellular interface.
  8. The IPv4 Configuration is auto-negotiated for the Cellular bypass.
  9. Choose a Circuit Label.
    Use the same circuit on the bypass pair. The circuit label for the cellular interface should match the circuit label for the peer spoke’s directly attached cellular interface.
  10. Save the configuration.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.