: Troubleshoot the AWS Tansit Gateway Integration
Focus
Focus

Troubleshoot the AWS Tansit Gateway Integration

Table of Contents

Troubleshoot the AWS Tansit Gateway Integration

Lets see how to Troubleshoot the AWS Transit Gateway Integration CloudBlade in Prisma SD-WAN.

Prisma SD-WAN vION does not show up under unclaimed devices

  1. Check on AWS if the CloudFormation stack creation was successful.
  2. Confirm if at least 2 x v7108 licenses are available for the vION HA pair creation, for each region where you wish to deploy.
  3. Check if there are at least 2 Elastic IPs available, for each region where you wish to deploy.

BGP peering is down

  1. Check if the GRE tunnel is created.
  2. Check if the connect attachment and connect peers are configured. Ensure the connect BGP peers is in Available state.
  3. Check on AWS if the Prisma SD-WAN Connect VPC’s route table has a route to the TGW CIDR.
  4. Check if EBGP Multihop is configured for the BGP peer on the Prisma SD-WAN portal for each ION.

End to end traffic does not go through

  1. Check if Prisma SD-WAN VPNs are up between branch site and AWS DC site.
  2. Check if the BGP peering between Datacenter IONs and the Transit Gateway is up and the routes are learned and advertised from the active ION.
  3. Check the flow browser for the branch ION from where the traffic is being sent to the AWS VPC.
  4. Check if the service and DC group includes the AWS Datacenter.
  5. Check the Path policy.
  6. Check if there is a security policy rule that is blocking traffic.
  7. Check Application VPC’s route table and security group.