Prisma SD-WAN Administrator’s Guide
    : Configure Internet Ports
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Sites and Devices
    6. Prisma SD-WAN Ports and Interfaces
    7. Configure Internet Ports
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Configure Internet Ports

    Table of Contents

    Configure Internet Ports

    Let us learn to configure internet ports.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    1. From internet ports, select a port pair.
    2. To enable the interface, for Admin Up, select Yes.
    3. (Optional) Enter a description.
    4. For Interface Type, select Port.
    5. For Use these Ports For, select Internet.
      Alternatively, you can select Private WAN for Use these Ports For to configure a WAN port for a Private WAN circuit.
    6. For Scope, toggle Local or Global.
      The default is Local.
      If the scope is local, the route is not advertised to the data center.
      If the scope is global, the route is advertised to the data center.
      • This setting is applicable only to branch sites. It is not applicable to data center sites.
      • Configuring a global static route will advertise the destination IP/prefix to other sites automatically.
    7. For Circuit Label, select the circuit label that corresponds to your internet connection for this site.
    8. Select Enable IPv6 On This Interface to configure IPv6.
    9. For IPv6 Configuration, select AutoConf or Static.
      Autoconf indicates the Global IP address is derived using stateless address autoconfiguration (SLAAC).
      Choose Static if the IP address is fixed and is manually assigned. Additionally specify the IPv6 Address/Mask, Default Gateway (IPv6), and DNS server(s)(IPv6).
    10. For IPv4 Configuration, select DHCP or Static.
      Choose DHCP if the IP address is dynamically assigned.
      Choose Static if the IP address is fixed and is manually assigned. Additionally specify the IP Address/Mask, Default Gateway, and DNS server(s).
    11. In Advanced Options, (optional) specify MAC, IP MTU, External NAT Address and Port (IPv4), External NAT Address and Port (IPv6),and Physical from the available range.
      IP MTU value should be at least 1280 for IPv6. If it is less than 1280, IPv6 cannot be enabled.
    12. Click Save Port.
      The ION device inherently hardens all the ports designated as Internet. You can access only UDP 4500, 500 (ISAKMP), and ESP ports. The utilization of UDP port 500 (ISAKMP) is exclusively reserved for standard VPNs. Configure the ports accordingly to avoid automatic rejection of requests. The ION device blocks any unsolicited incoming internet traffic.

    © 2024 Palo Alto Networks, Inc. All rights reserved.