>
    Strata Copilot
    Integrate Prisma Access with Cisco Meraki SD-WAN (Aggregate Bandwidth)
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Integrate Third-Party SD-WANs with Prisma Access
    4. Cisco Meraki SD-WAN Solution Guide
    5. Integrate Prisma Access with Cisco Meraki SD-WAN (Aggregate Bandwidth)
    Download PDF
    Prisma Access

    Integrate Prisma Access with Cisco Meraki SD-WAN (Aggregate Bandwidth)

    Table of Contents

    Integrate Prisma Access with Cisco Meraki SD-WAN (Aggregate Bandwidth)

    Learn to integrate Prisma Access with Cisco Meraki in the aggregate bandwidth licensing model.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access license
    • Minimum Required Prisma Access Version: 2.1 Preferred or a later version
    • Active Cisco Meraki Dashboard subscription
    • Physical Cisco Meraki (MX or Z) devices or virtual Cisco Meraki (vMX) devices with a minimum version of 15.12
    Prisma Access provides a flexible way to effectively secure Cisco Meraki SD-WAN deployments. By delivering security from the cloud and closer to the branch networks, Prisma Access lets you optimize networking and security with the same protections that you have at corporate headquarters.
    As with other SD-WAN deployments, you secure the Cisco Meraki SD-WAN by onboarding a remote network using IPSec tunnels between the Cisco Meraki SD-WAN and Prisma Access. Using Prisma Access, you can secure SD-WAN devices at a branch, at a data center, or both, as shown in the topic Integrate Third-Party SD-WANs with Prisma Access.
    You can onboard a remote network using IPSec tunnels between the Cisco Meraki SD-WAN device and Prisma Access automatically or manually. See the product requirements below for eligible devices that support this automation. The automation also supports devices in MX Warm Spare – high-availability pair mode. To onboard the Cisco Meraki networks manually, see Integrate Prisma Access with Cisco Meraki SD-WAN (Manual Integration). Ensure you meet the following requirements before you integrate Prisma Access with Cisco Meraki:
    ProductRequirement
    Prisma Access
    • Update your Prisma Access to version 2.1 Preferred or a later version.
      • Migrate remote networks to the aggregate bandwidth model.
      • Activate bandwidth license per compute location.
    Cisco Meraki
    • Active Cisco Meraki Dashboard subscription
    • Physical Cisco Meraki (MX or Z) devices or virtual Cisco Meraki (vMX) devices with a minimum version of 15.12 in Cisco Meraki Hub or Spoke networks
    • Cisco Meraki devices should be in Appliance or Combined type networks
    • Cisco Meraki networks that have enabled the VPN Mode in the Site-to-Site VPN configurations
    To secure a Cisco Meraki SD-WAN with Prisma Access, complete the following steps.
    1. Configure Cisco Meraki SD-WAN based on the requirements mentioned above.
    2. If you have not already, allocate bandwidth for Prisma Access locations.
      1. Go to ConfigurationNGFW and Prisma AccessConfiguration ScopePrisma AccessRemote NetworksBandwidth Management.
      2. Edit the Assigned Bandwidth for the remote network’s compute location.
      3. Push the changes.
    3. Go to Cisco Meraki Integration with Prisma Access settings.
      1. Select System SettingsIntegrationsThird Party SD-WAN.
      2. Locate the Cisco Meraki Integration with Prisma Access application.
        Contact your Palo Alto Networks account team if you don’t see this integration option.
    4. Enter the information needed to establish a connection between Prisma Access and Cisco Meraki by editing the Settings.
      1. Generate Cisco Meraki API Key in Cisco Meraki dashboard, and enter the key information.
      2. Enter the PSK Seed, which is a string used to derive pre-shared keys (PSKs) per tunnel.
      3. (Optional) Enter an FQDN IKE identifier as the Local Identifier in the following syntax: name@domain.com
        This identifier acts as a template to generate a unique ID per tunnel.
      4. (Optional) Enter an FQDN IKE identifier different from the local identifier as the Remote Identifier in the following syntax: name@domain.com
      5. Set the Admin State as Enabled.
        You can set Admin State in the following modes:
        • Enabled: Enables the integration to discover new networks on Cisco Meraki that are eligible for tunnel formation with Prisma Access. Additionally, this verifies current configurations.
        • Disabled: Disable the integration to remove all configurations created, in Prisma Access as well as in Cisco Meraki, when a connection was set up between them.
          Upon disabling, the system will initiate a complete teardown of all configurations and objects on both Prisma Access and Cisco Meraki.
        • Paused: When you pause the integration, you can no longer add new networks or remove any unconfigured networks. However, the current configurations don't change.
      6. Check Connectivity to verify the connection.
      7. Save the changes.
        You can Save changes only after you Check Connectivity every time you change settings or configurations.
        After you save the changes, you can see the Cisco Meraki networks eligible for tunnel formation with Prisma Access in Discovered Sites. Cisco Meraki networks are displayed as sites here. It might take some time to view the discovered sites.
    5. Establish the tunnel setup between Prisma Access and Cisco Meraki devices.
      1. View the discovered Cisco Meraki networks and their information by clicking the site count.
        The integration checks every 3 hours for new Cisco Meraki networks. You can also initiate an on-demand site discovery.
      2. (Optional) Select the nearest Prisma Access Location for the networks.
      3. (Optional) Select IPSec Termination Node for each site.
        If you select the same Prisma Access location for multiple networks, ensure to allocate the bandwidth equally by selecting different IPSec termination nodes for the networks sharing the same Prisma Access location.
        The integration assigns Prisma Access location and IPSec termination nodes automatically. However, you can choose other Prisma Access locations or IPSec termination nodes if needed.
      4. Select the Cisco Meraki network and toggle the Enable option to establish a tunnel formation with Prisma Access.
      5. Update the changes.
        You can view all the Enabled Sites and Configured Sites in the Cisco Meraki Integration with Prisma Access application.
    6. Verify the changes in Prisma Access.
      1. Go to SettingsPrisma Access SetupRemote Networks.
        Alternatively, you can click Remote Networks - Cisco Meraki Integration with Prisma Access >.
        Verify the tunnel status. The integration creates remote networks automatically. Such remote networks have names in the following syntax: AUTO-Meraki-Network_Name
        The configuration status of Cisco Meraki networks will be In sync.
      2. View the IPSec Tunnel, IKE gateway, IKE Crypto profile, and IPSec Crypto profile details.
        Select the remote network site to view these details.
        IPSec Tunnel details:
      3. Select ActivityLog ViewerCommonAudit to view Cisco Meraki Integration with Prisma Access logs.
        The Destination Vendor specifies if the changes were made in Prisma Access or in the Cisco Meraki dashboard.
      4. (Optional) View errors or warnings in Messages.
    7. Verify the tunnel status in the Cisco Meraki dashboard.
      1. Log in to the dashboard, and select Security & SD-WANMonitorVPN Status.
      2. Check the status for non-Meraki peer.
      3. View the logs under Network-wideEvent Log for non-Meraki event types.
        Contact Cisco Systems support for any errors you see in the Cisco Meraki networks and dashboard.

    On-Demand Site Discovery

    You can initiate network discoveries anytime to view new networks added in the Cisco Meraki dashboard. You can also initiate network discoveries to resolve any misconfiguration in the integration-created objects. To initiate on-demand network discovery, perform the following steps:
    1. Select SettingsIntegrationsThird Party SD-WAN..
    2. Locate the Cisco Meraki Integration with Prisma Access application.
    3. View the discovered Meraki networks and their information by clicking the site count.
    4. Discover Sites to identify new eligible Cisco Meraki networks when required.

    © 2025 Palo Alto Networks, Inc. All rights reserved.