Default Routes with Traffic Steering Example
Table of Contents
Default Routes with Traffic Steering Example
Examples of how default routes work with Prisma Access
traffic steering.
The following example shows a sample Prisma Access deployment
the following components:
- Two Prisma Access mobile user locations; one in the United States (US) and one in Europe (EU).
- Two Prisma Access service connections; one in the US and one in the EU, with both data centers sending default routes to the service connections (Accept Default Route over Service Connections is enabled).
- Two data centers; one in the US and one in the EU.Each data center has a 3rd-party security stack; for this reason, you want all internet-bound traffic to go through the data center before egressing to the internet.
When a mobile user sends data center traffic, Prisma Access checks
its routing tables, determines the closest service connection, and
forwards the traffic to that service connection. In the following example,
Prisma Access sends data center traffic from the mobile users in
the US to Service Connection and traffic from the mobile users in
the EU to Service Connection 2.
Do not use service connections that are Dedicated
for Traffic Steering Only with default routes; dedicated
service connections do not participate in BGP routing, so they cannot
receive BGP advertisements from the HQ or data center.
To enable default routes, select Accept Default Route
over Service Connections when you configure traffic
steering settings. After you configure this setting and commit and
push your changes, Prisma Access sends internet-bound traffic over
the service connections.
