>
    Strata Copilot
    Prisma SD-WAN China
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN Administrator’s Guide
    4. Prisma SD-WAN China
    Download PDF
    Prisma SD-WAN

    Prisma SD-WAN China

    Table of Contents

    Prisma SD-WAN China

    Learn about the new Prisma SD-WAN China Controller.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN (Managed by Strata Cloud Manager)
    • Prisma SD-WAN
    Prisma SD-WAN introduces a local SD-WAN Controller in the China Region to cater to the globally distributed Enterprise customers with a need to keep a localized Control and Management plane within the China region.
    The Prisma SD-WAN China Controller provides a reliable and compliant in-country management solution for enterprise branches located in mainland China. With this solution, you get a dedicated tenant and independent operations from the global controllers, allowing you to deploy and manage your China branches just as easily as your global branches using the same operational workflow.

    Licensing

    There are two levels of licenses.
    • Level 1- This license is designed for environments with strict data localization requirements, minimizing the export of PII outside mainland China. This model requires full localization of control, data, and management planes, along with local storage of telemetry and logs.
    • Level 2- This license allows certain operational data to be exported outside mainland China.
    Prisma SD-WAN China offers Level 2 licenses. However, Prisma Access supports both Level 1 and Level 2, with Level 1 deployments managed through Panorama.

    Hardware and Compliance

    Prisma SD-WAN ION devices are certified to be sold and deployed within mainland China. The following hardware appliances (excluding cellular devices) hold the required NAL (Network Access License) and CQC (China Quality Certification) certifications for electrical safety and EMC compliance:
    • ION 1200
    • ION 1200-S
    • ION 3200
    • ION 5200
    • ION 9200

    Deployment Architectures

    The Prisma SD-WAN fabric is local to your mainland China tenant. You can deploy Prisma SD-WAN China in the following ways:
    • Standalone Deployment: SD-WAN fabric is local to the mainland China tenant. Global data centers can be accessed through customer-managed cross-border connectivity solutions.
    • Prisma Access for SASE Deployment: Prisma SD-WAN fabric is local to the mainland China tenant. Global data centers can be accessed through Prisma Access as Transit. You can manage your cross-border connectivity or leverage the Palo Alto Networks Cross-Border Link (PAN-CBL).
      • Cross Border Line (CBL): Uses IPSec tunnels to bypass GFW inspection for global SaaS and private apps.
      • Premium Internet (PI): Uses GRE tunnels for web traffic subject to GFW inspection.
    Tenancy Requirements
    For global deployments with both Global controller and China controller, each needs to be in its own tenant with SCM as the central management plane.
    Telemetry Region
    The telemetry region for this controller is in Singapore.

    Connect and Verify on Strata Cloud Manager

    When the ION device boots up, it automatically connects to the dedicated China Controller.
    To verify connectivity in Strata Cloud Manager:
    1. Navigate to Insights Prisma SD-WAN Dashboard.
    2. Check the Device To Controller Connectivity widget.
      The dashboard shows the Controller Region as Everest, which explicitly indicates connectivity to the China controller.

    © 2026 Palo Alto Networks, Inc. All rights reserved.