Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
>
Clear
Onboard a ZTNA Connector in VMware ESXi
Updated on
Mar 4, 2024
Focus
Download PDF
Updated on
Mar 4, 2024
Focus
Home
Prisma Access
Prisma Access ZTNA Connector
Onboard the ZTNA Connector VM in Your Data Center
VMware ESXi Deployments Supported by Prisma Access ZTNA Connector
Onboard a ZTNA Connector in VMware ESXi
Download PDF
Prisma Access
Onboard a ZTNA Connector in VMware ESXi
Table of Contents
Filter
Expand All
|
Collapse All
Prisma Access Docs
Administration
Version
Prisma Access China
4.0 & Later
3.2 Preferred and Innovation
3.1 Preferred and Innovation
3.0 Preferred and Innovation
2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
5.0 Preferred and Innovation
4.2 Preferred
4.1 Preferred
4.0 Preferred
3.2 Preferred and Innovation
3.1 Preferred and Innovation
3.0 Preferred and Innovation
2.2 Preferred
Previous
VMware ESXi Deployments Supported by Prisma Access ZTNA Connector
Next
KVM Deployments Supported by Prisma Access ZTNA Connector
Onboard a ZTNA Connector in VMware ESXi
Onboard a ZTNA Connector in VMware ESXi.
To onboard a ZTNA Connector in VMware ESXi, complete the following steps. Before you start, be sure to review the
requirements and guidelines
for ZTNA in general and VMware ESXi deployments in particular.
Before you begin, review the
requirements and guidelines
and the
FQDNs and ports you need to configure
to use ZTNA Connector with VMware ESXi.
Retrieve the OVA file from Palo Alto Networks.
Palo Alto Networks provides this on the
Customer Service Portal (CSP)
.
Open VMware vCenter, select, and right-click the host and select
Deploy OVF Template
.
Select the location from the Connector OVA (either a URL or a local file) and select
Next
.
Enter a virtual machine name and a location for the virtual machine.
Select the compute resource for the VM.
Review the details for the template and select
Next
.
Select
Thick Provision Lazy Zeroed
for the virtual disk format and the appropriate datastore for the ZTNA Connector VM.
Configure the network settings for the interfaces that you created using the OVA configuration wizard.
Port 1 is the WAN-facing port group for IPSec connectivity to Prisma Access.
Port 2 is the app-facing port group.
If you didn’t do so already, go to
Prisma SASE Platform
Settings
ZTNA Connector
Connectors
, find the Connector object you created in
Prisma Access
to associate with this VM, and select
Copy Token
; then, copy the
Key
and
Secret
values.
If you're using Strata Cloud Manager, go to
Workflows
ZTNA Connector
Connectors
.
In the
Additional Settings
screen, make the following configuration changes.
Licensing
area—Enter the
Key
and
Secret
values you retrieved from the Prisma SASE Portal.
Port 1
(the
Prisma Access
-facing port) area—Make the following changes:
Role
—Public WAN.
Port Config
—Either
DHCP
or
Static
.
If you select
Static
, enter IP address, subnet mask, gateway, and both DNS server values.
If you use DHCP, leave the default zeroes in the fields as shown in the following screenshot.
Port 2
(the app-facing port) area—Make the following changes:
Role
—Private WAN
Port Config
—Either
DHCP
or
Static
If you select
Static
, enter IP address, subnet mask, gateway, and DNS server values
Advanced Optional Configuration
—Leave all settings as
Default
.
Review the summary then select
Finish
.
After deploying the virtual server, confirm that it has come up.
After the ESXi virtual server comes up,
Prisma Access
completes the configuration of the device to be used as a ZTNA Connector.
On the Prisma SASE Portal, go to
Settings
ZTNA Connector
Connectors
, find the Connector you want to use, and make sure that it shows
tunnel up
.
If you're using Strata Cloud Manager, go to
Workflows
ZTNA Connector
Connectors
.
Previous
VMware ESXi Deployments Supported by Prisma Access ZTNA Connector
Next
KVM Deployments Supported by Prisma Access ZTNA Connector
Recommended For You