Default Routes with Traffic Steering Example
Focus
Focus
Prisma Access

Default Routes with Traffic Steering Example

Table of Contents

Default Routes with Traffic Steering Example

Examples of how default routes work with Prisma Access traffic steering.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
The following example shows a sample Prisma Access deployment the following components:
  • Two Prisma Access mobile user locations; one in the United States (US) and one in Europe (EU).
  • Two Prisma Access service connections; one in the US and one in the EU, with both data centers sending default routes to the service connections (Accept Default Route over Service Connections is enabled).
  • Two data centers; one in the US and one in the EU.
    Each data center has a 3rd-party security stack; for this reason, you want all internet-bound traffic to go through the data center before egressing to the internet.
When a mobile user sends data center traffic, Prisma Access checks its routing tables, determines the closest service connection, and forwards the traffic to that service connection. In the following example, Prisma Access sends data center traffic from the mobile users in the US to Service Connection and traffic from the mobile users in the EU to Service Connection 2.
Do not use service connections that are Dedicated for Traffic Steering Only with default routes; dedicated service connections do not participate in BGP routing, so they cannot receive BGP advertisements from the HQ or data center.
To enable default routes, select Accept Default Route over Service Connections when you configure traffic steering settings. After you configure this setting and commit and push your changes, Prisma Access sends internet-bound traffic over the service connections.