Onboard a Non-ECMP Site
Table of Contents
Expand all | Collapse all
-
- QoS CIR Support For Aggregate Bandwidth
- Prisma Access for Networks Non-Aggregate Bandwidth Licensing
- IPSec Termination Nodes in Prisma
- IPSec Termination Node Logic (Panorama Managed)
- Determine Region Bandwidth Utilization
- Determine IPSec Termination Nodes Method #1 (Remote Networking On-Boarding)
- Determine IPSec Termination Nodes Method #2 (Panorama API Method)
- IPSec Termination Node Conventions and Tag Nomenclature
-
- Onboard a Non-ECMP Site
- Set Additional Information Tag
- Configure BGP
- Assign Interface-Level Tags for Non-ECMP Sites
- Customize Prisma Access Objects Names using CloudBlade Tag
- Prisma Access for Networks Region List
- Prisma Access CloudBlade Tag Information
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Use Groups in Network Policy Rules
- Enable, Pause, Disable, and Uninstall the Integration
-
- Monitor the Prisma Access for Networks (Panorama Managed) CloudBlade
- Understand Prisma SD-WAN and Prisma Access for Networks Integration
- Correlate Objects between Prisma SD-WAN and Panorama
- View Standard VPNs at a Site Level
- View Alerts and Alarms
- View Activity Charts
- Use the Device Toolkit
- Check Tunnel Status on Panorama
- Change Existing Panorama Serial Number Post CloudBlade Integration
Onboard a Non-ECMP Site
316 PIC
Once the CloudBlade is configured, you can integrate Prisma SD-WAN and Palo Alto Prisma Access
for Networks.
The
following steps differ from the previous 1.x version of the CloudBlade.
However, the previous method of tagging sites and interfaces will
still work to maintain backward compatibility and facilitate migrations.
The
most basic onboarding for the CloudBlade can be done in two simple steps:
- Configure circuit categories.
- Navigate toManageResourcesCircuit Categories
- From the list ofCircuit Categoriesdisplayed, select the ellipsis for the category that you would like to modify.
- UnderTAGS, apply theprisma_region:<region>:<SPN>tag to enable the circuit category for Prisma Access.
- Once applied, the circuit category will reflect that it is enabled/tagged for Prisma Access.
- Repeat this set of steps to enable Prisma Access on the appropriate circuits.
- Configure site tag(s).
- Locate a site to onboard to Prisma Access by navigating toorMapTopology.MapSites
- Select a site to modify and on the site summary screen, click theEditicon.
- On theEdit Sitescreen, select or typeprisma_accessin theTagsfield.Once this configuration is completed, on the next integration run, the CloudBlade will begin the onboarding process to connect the Prisma SD-WAN ION device and Prisma Access. This process takes place through one or more IPSec tunnels, depending on how many interfaces and tags are configured. Note that it may take several integration cycles for all the tunnels to appear and be active on the Prisma SD-WAN portal.