Prisma Access
Onboard a ZTNA Connector in Amazon Web Services
Table of Contents
Onboard a ZTNA Connector in Amazon Web Services
Onboard a ZTNA Connector in Amazon Web Services.
- Review the requirements and guidelines and the FQDNs and ports you need to configure to use ZTNA Connector in Amazon Web Services (AWS).
- On the Prisma SASE Platform, retrieve and copy the Connector key and secret values: , find the Connector object you created inPrisma Accessto associate with this VM, and selectCopy Token; then, copy theKeyandSecretvalues.If you're using Strata Cloud Manager, go to .
- Fordeployment, you must retrieve and copy the Connector Group key and secret values: , find the Connector Group object you created inPrisma AccessZTNA Connector 1-Arm Auto-ScalingPrisma Accessto associate with this VM, and selectCopy Token; then, copy theKeyandSecret.If you're using Strata Cloud Manager, go to .
After you’ve met all the prerequisites, follow these steps to onboard a
Prisma Access
ZTNA Connector in AWS.- Go to AWS Marketplace and search forPrisma Access ZTNA Connector.
- Choose the software plan that best suits your requirement.
Deploy ZTNA Connector 1-Arm in AWS
Follow these steps to deploy ZTNA Connector 1-Arm in AWS.
- Selectcloud formation template.Prisma AccessZTNA Connector 1-Arm
- Configure these on theSpecify stack detailspage:
- Enter theStack nameto identify the stack.
- In theParameterssection, specify the parameters defined in the stack template.
- SelectWhich VPC should ZTNA Connector be deployed to.
- Specify the subnet for the single port, where you've provisioned applications to onboard to this Connector. You need to have access to the internet from this subnet via a NAT Gateway.
- Enter the PrismaZTNA Connector License Keyand PrismaZTNA Connector License Secretvalues you retrieved from the Prisma SASE Portal.
Deploy ZTNA Connector 1-Arm with Autoscale in AWS
Follow these steps to deploy ZTNA Connector 1-Arm with Autoscale in AWS.
- Selectcloud formation template.Prisma AccessZTNA Connector 1-Arm Auto-Scaling
- Configure these parameters on theSpecify stack detailspage:
- Enter the uniqueStack namefor the deployment.
- Specify the parameters defined in the stack template in theParameterssection:
- SelectWhich VPC should ZTNA Connector be deployed to.
- Specify the subnet for the single port, where you've provisioned applications to onboard to this Connector. You need to have access to internet from this subnet via a NAT Gateway.
- In theRequired Auto Scaling Group Configuration:
- Enter theMinimum ZTNA Connectorsrequired in the auto-scaling group.
- Enter theMaximum ZTNA Connectorsrequired in the auto-scaling group. The maximum number of ZTNA Connectors allowed in the Connector Group is 4.
- Set thePercentage of Network Bandwidth for Scale Out. The default and recommended value is 70%.
- Enter the PrismaZTNA Connector License KeyandZTNA Connector License Secretvalues you retrieved from the Prisma SASE Portal.
Deploy ZTNA Connector 2-Arm in AWS
Follow these steps to deploy ZTNA Connector 2-Arm in AWS.
- SelectPrisma AccessZTNA Connector 1-Arm Deployment cloud formation template.
- On theSpecify stack detailspage:
- Enter theStack namefor the deployment.
- Specify the parameters defined in your stack template In theParameterssection.
- SelectWhich VPC should ZTNA Connector be deployed to.
- Specify the public subnet for the Internet portfor WAN connectivity to IPSec. This subnet needs to be associated with a NAT Gateway for internet connectivity.
- Specify the private subnet for Data Center LAN port, where you've provisioned applications to onboard to this Connector. Make sure you have access to internet from this subnet via a NAT Gateway.
- Enter theInstance Name
- Enter the PrismaZTNA Connector License Keyand PrismaZTNA Connector License Secretvalues you retrieved from the Prisma SASE Portal.
