Remote Networks—High Performance Capabilities and Guidelines

• Up to 3 Gbps aggregate bandwidth per node in a compute region
• Up to 2 Gbps bandwidth per remote network tunnel from a remote site
• Up to 500 remote branches per service IP address with Prisma SD-WAN and extended (third-party) CPE deployments

• Prisma Access Locations—Remote Networks—High Performance support a subset of Prisma Access locations.
• Quality of Service (QoS)—For branch sites, Prisma Access supports QoS at a per-site level, and the QoS Profile you select applies to the entire site.
• Committed Information Rate (CIR)—To secure and commit the amount of bandwidth used per site, specify a CIR. If there are multiple remote networks that share bandwidth in a compute location, the Remote Network—High Performance receives at least the bandwidth specified in the CIR when there is contention with other sites in that compute location.
• IPSec Termination Nodes—Unlike remote networks, you don't need to select an IPSec termination node during onboarding for Prisma Access (Managed by Strata Cloud Manager) deployments. Prisma Access automatically load-balances the remote network connections to maximize the bandwidth allocation to the sites.
  You still need to select an IPSec termination node for remote networks onboarded from Panorama.
• Tunnel and Compute Location Redundancy and Maximum Tunnels Per Site—A high-performance remote network lets you configure both location and IPSec redundancy.
  • Location redundancy (specifying a Primary location in one compute location and specifying a Secondary location in a separate compute location).
    Configuring a secondary location is optional, and the secondary location must be in a different compute location than the primary location.
  • IPSec tunnel redundancy (specifying tunnels as Active/Active or Active/Passive).
  This table provides you with the minimum and maximum number of locations per tunnel.

  Location Deployment Type	Tunnel Deployment Type	Minimum Number of Tunnels	Maximum Number of Tunnels
  Primary only	Active/Passive	1	2
  Primary only	Active/Active	2	4
  Primary and Secondary	Active/Passive	2	4
  Primary and Secondary	Active/Active	4	8

• Service IP Address Allocation Based on Deployment Type—The number of Service IP Addresses you receive depends on if you have set up your high-performance remote networks in a single location or if you have set them up using two different locations in a primary and secondary deployment.
  • If you have set up your high-performance remote network in a single location with no secondary location, Prisma Access provides you with a single Service IP address.
  • If you set up compute location redundancy in a primary and secondary configuration, Prisma Access provides you with two Service IP addresses (one each for the primary and secondary configuration).
  If you set up IPSec tunnels in an Active/Passive configuration, Prisma Access provides you with a single Service IP address for both tunnels (the same as a standard Prisma Access remote network configuration).
• Service IP Address Allocation Based on Bandwidth—Prisma Access provides you with a single IP address or FQDN for every 3 Gbps of bandwidth in a compute location.
• Bandwidth Per Compute Location—You allocate bandwidth per compute location the same as allocating bandwidth for a standard remote network. You can plan and allocate the bandwidth before you begin configuration or during high-performance remote network creation.

• Prisma Access (Managed by Strata Cloud Manager)
• Prisma Access (Managed by Panorama)