Select the IPSec termination nodes from within Prisma Access in the aggregate
licensing model for the CloudBlades.
Where Can I Use This?
What Do I Need?
Prisma Access CloudBlade (Panorama Managed).
Prisma Access CloudBlade (Cloud Managed).
Prisma SD-WAN License.
Prisma Access for Networks Subscription.
Supported Cloud plugin Versions.
Prisma Access CloudBlade (Cloud Managed) version 3.x.x and
later.
Prisma Access CloudBlade (Panorama Managed) version 3.x.x and
4.x.x.
In the Aggregate Bandwidth licensing model, the firewall names within a region,
referred to as IPSec Termination Nodes, are made visible to help in managing consumption
and over-subscription, which is now permitted within Prisma Access. You can select the
IPSec Termination Node when onboarding a Remote Network (outside of the Panorama Managed
CloudBlade and Cloud Managed CloudBlade).
IPSec Termination Nodes Within Prisma (Panorama Managed CloudBlade)
Select IPSec termination nodes within Prisma Access in the aggregate licensing model
for Panorama Managed CloudBlade.
In the Aggregate Bandwidth model in Prisma Access for Networks,
bandwidth is assigned to a compute region within Panorama. This enables deterministic
placement of nodes and computes for the nodes behind a region.
Within the remote networks Bandwidth Allocation in Panorama,
regions are configured to allocate bandwidth for that region.
If looking at two locations, namely US East (purple box), and Europe Central (orange
box), you can see the respective bandwidth allocated for each region as shown below.
The compute instances behind a region are referred to as IPSec Termination Nodes and are visible when
configuring a Remote Network onboarding in Panorama.
Determine Region Bandwidth Utilization
Prior to deploying on any previous IPSec termination nodes, a
utilization of the current region bandwidth if there are preexisting VPN tunnels
should be analyzed. To view the utilization, navigate in Panorama to the following: PanoramaCloud Services MonitorRemote Networks. Select the region of interest; in this example, we will use North
America.
In the subsequent window, click on Bandwidth Usage (10.x
Panorama color scheme makes the tab hard to read) and select the region where you
want to view the performance data.
Select the site where you want to view the performance data. For the given region,
any data if present, will show in a graph, with options to choose for different time
ranges.
When there are no established VPN tunnels, the performance and utilization
numbers won't have any historical data.
IPSec Termination Nodes Within Prisma (Cloud Managed CloudBlade)
Select IPSec termination nodes within Prisma Access in the aggregate licensing model
for Cloud Managed CloudBlade.
The IPSec Termination Node logic for Prisma Access for Networks (Cloud
Managed) CloudBlade, in the Aggregate Bandwidth model, involves assigning bandwidth to a
compute region within Prisma Access.
Go to WorkflowsPrisma Access SetupRemote NetworksBandwidth Management and view the which Prisma Access, regions are configured to allocate
bandwidth for that region.
If looking at two locations, namely US East, and US Central, you can see the respective
bandwidth allocated for each region as shown below.
With Prisma Access for Networks utilizing the Aggregate Bandwidth model, for every
500 Mbps of bandwidth allocation, a compute instance will be added to support the
throughput requirements.
The compute instances behind a region are referred to as the IPSec Termination Nodes and
are visible when configuring a Remote Network onboarding.
Determine Region Bandwidth Utilization
Prior to deploying on any previous IPSec termination nodes, a
utilization of the current region bandwidth if there are preexisting VPN tunnels
should be analyzed. To view the utilization, navigate to MonitorBranch SitesPrisma AccessPrisma Access Sites.
Select the site where you want to view the performance data. For the given region,
any data if present, will show in a graph, with options to choose for different time
ranges.
