Prisma SD-WAN Administrator’s Guide
    : Configure Device Initiated Connections for Circuits
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Sites and Devices
    6. Set Up Sites
    7. Configure Device Initiated Connections for Circuits
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Configure Device Initiated Connections for Circuits

    Table of Contents

    Configure Device Initiated Connections for Circuits

    ION devices can connect to the controller for various services such as MRL service, statistics, flows, logs, and remote access of device toolkit.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    Prisma SD-WAN ION devices initiate multiple connections to the controller for various services such as Message Routing Layer (MRL) service, statistics, flows, logs, and remote access of device toolkit. For services connecting to the controller using random paths or interfaces, you can exclude certain interfaces or paths from being used for these services. For example, an expensive metered LTE circuit is used as a last resort interface to maintain connectivity to the controller.
    In addition, ION devices generate application reachability probes when an application or prefix is unreachable for a particular path. However, if a particular circuit is to be used as a path of last resort only, then the amount of non end-user traffic going over that specific circuit should be minimized. You can exclude certain circuits and circuit categories from being used for device initiated connections by using the Use for controller connections and Use for application probes options.
    You can prioritize ION device interfaces use for device initiated connections in the order of first controller port interface, LAN port, any interface which does not have a label attached, but has an IP address, and then interfaces with circuit labels attached. The order of preference is based on the cost of a circuit. A circuit with a higher cost has a lower preference for device to controller connections.
    1. Select WorkflowsSites/Data CentersConfiguration.
    2. Click Change Circuits for either Internet Circuits or Private WAN Circuits.
    3. Click Edit below the circuit name.
    4. On the Circuit Information screen, select Yes for Controller Connections, only if using the circuit for connecting to the controller for device related services.
      Select No, if this circuit is to be excluded from connecting to the controller for device related services such as metered LTE circuits.
      Select Use Circuit Category Setting for selecting the configuration from the Circuit Category.
    5. Select Yes for App Reachability Probes, only if using the circuit for checking the reachability of an application for a given path.
      Select No, if this circuit is to be excluded from checking the reachability of an application for a given path such as metered LTE circuits. Select Use Circuit Category Setting for selecting the configuration from the Circuit Category.
    6. Click Done.
      A DEVICESW_INITIATED_CONNECTION_ON_EXCLUDED_PATH alarm is generated when a device initiated controller connection is established using an excluded interface or path. The lack of an available interface or path has forced the connection on an excluded path or interface as a last resort.

    © 2024 Palo Alto Networks, Inc. All rights reserved.