Onboard a ZTNA Connector in VMware ESXi
Focus
Focus
Prisma Access

Onboard a ZTNA Connector in VMware ESXi

Table of Contents

Onboard a ZTNA Connector in VMware ESXi

Onboard a ZTNA Connector in VMware ESXi.
To onboard a ZTNA Connector in VMware ESXi, complete the following steps. Before you start, be sure to review the requirements and guidelines for ZTNA in general and VMware ESXi deployments in particular.
Before you begin, review the requirements and guidelines and the FQDNs and ports you need to configure to use ZTNA Connector with VMware ESXi.
  1. Retrieve the OVA file from Palo Alto Networks.
    Palo Alto Networks provides this on the Customer Service Portal (CSP).
  2. Open VMware vCenter, select, and right-click the host and select
    Deploy OVF Template
    .
  3. Select the location from the Connector OVA (either a URL or a local file) and select
    Next
    .
  4. Enter a virtual machine name and a location for the virtual machine.
  5. Select the compute resource for the VM.
  6. Review the details for the template and select
    Next
    .
  7. Select
    Thick Provision Lazy Zeroed
    for the virtual disk format and the appropriate datastore for the ZTNA Connector VM.
  8. Configure the network settings for the interfaces that you created using the OVA configuration wizard.
    • Port 1 is the WAN-facing port group for IPSec connectivity to Prisma Access.
    • Port 2 is the app-facing port group.
  9. If you didn’t do so already, go to
    Prisma SASE Platform
    Settings
    ZTNA Connector
    Connectors
    , find the Connector object you created in
    Prisma Access
    to associate with this VM, and select
    Copy Token
    ; then, copy the
    Key
    and
    Secret
    values.
    If you're using Strata Cloud Manager, go to
    Workflows
    ZTNA Connector
    Connectors
    .
  10. In the
    Additional Settings
    screen, make the following configuration changes.
    • Licensing
      area—Enter the
      Key
      and
      Secret
      values you retrieved from the Prisma SASE Portal.
    • Port 1
      (the
      Prisma Access
      -facing port) area—Make the following changes:
      • Role
        —Public WAN.
      • Port Config
        —Either
        DHCP
        or
        Static
        .
        If you select
        Static
        , enter IP address, subnet mask, gateway, and both DNS server values.
        If you use DHCP, leave the default zeroes in the fields as shown in the following screenshot.
    • Port 2
      (the app-facing port) area—Make the following changes:
      • Role
        —Private WAN
      • Port Config
        —Either
        DHCP
        or
        Static
        If you select
        Static
        , enter IP address, subnet mask, gateway, and DNS server values
    • Advanced Optional Configuration
      —Leave all settings as
      Default
      .
  11. Review the summary then select
    Finish
    .
  12. After deploying the virtual server, confirm that it has come up.
    After the ESXi virtual server comes up,
    Prisma Access
    completes the configuration of the device to be used as a ZTNA Connector.
  13. On the Prisma SASE Portal, go to
    Settings
    ZTNA Connector
    Connectors
    , find the Connector you want to use, and make sure that it shows
    tunnel up
    .
    If you're using Strata Cloud Manager, go to
    Workflows
    ZTNA Connector
    Connectors
    .

Recommended For You