Learn to configure PAN-OS as a Prisma SD-WAN data center.
Where Can I Use This? Strata Cloud Manager
What Do I Need? Advanced SD-WAN license for NGFW
The core configuration primarily occurs on the Strata Cloud Manager (SCM).
The workflow involves SCM sending a basic configuration request to the SD-WAN
controller, which then orchestrates and returns the relevant Prisma SD-WAN
configuration to SCM. SCM pushes this combined configuration to the NGFW device.
The workflow to use a PAN-OS SD-WAN data center is:
Onboard the NGFW and move it to Cloud-managed devices.
Enable Device Scope config.
Enable Prisma SD-WAN on the NGFW and push the config; the device restarts.
The device appears in the Claimed state in Prisma SD-WAN devices.
Configure the NGFW LAN and WAN interfaces, and push the config.
Assign the NGFW to a DC site; by default, the Global VRF profile is attached.
The Prisma SD-WAN controller orchestrates the relevant logical router at the folder level of the NGFW.
Add circuits to the DC site.
Configure the logical router based on the routing needs.
Onboard the NGFW by navigating to Configuration > NGFW and Prisma Access.
Select the device on which you want to enable Prisma SD-WAN functionality, and
enable the Prisma SD-WAN flag on the widget.
The Prisma SD-WAN widget in SCM is visible only if the
device meets the supported platform,
software version, and license requirements.
If the SD-WAN license expires
after the feature was enabled, the widget will still show in the web
interface, but if you disable it after expiry, it will disappear until
the license is renewed. If the feature was never enabled and the SD-WAN
license expires, the widget will not appear on the web
interface.
Enabling the flag turns on the Prisma SD-WAN configuration on the NGFW and
causes the device to restart. This restart is required only the first time the
feature flag is enabled. After the feature is enabled, the device appears in
the Claimed devices list.
Assign the NGFW to a DC site on the Prisma SD-WAN controller. Select the
device, then select Assign the device from the ellipsis
menu and choose the DC site.
You can view the assigned DC on the Device Overview in the Prisma
SD-WAN widget.
Configure the LAN and WAN interfaces on the NGFW. Set IP addresses for public
internet and private interfaces.
Push the configuration after setting IP addresses.
After the NGFW is assigned to a DC site, a logical router is orchestrated at
the folder level where the NGFW resides. Navigate to the NGFW and configure the
interfaces on the firewall for the public interface.
Select the zone and IP address, and save it.
Create a circuit on the DC site for a public circuit on the firewall. Save your
changes.
Push the configuration.
After the configuration is pushed successfully, you can view the overlay
connection status. You can view any alarms or incidents reported on the device
on the Incidents Prisma SD-WAN page.
You can also monitor your device from Insights > Prisma SASE > Data Center.