>
    Strata Copilot
    Configure PAN-OS as a Prisma SD-WAN DC
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN Administrator’s Guide
    4. Prisma SD-WAN Sites and Devices
    5. Set Up Sites
    6. Add PAN-OS as a Prisma SD-WAN Data Center
    7. Configure PAN-OS as a Prisma SD-WAN DC
    Download PDF
    Prisma SD-WAN

    Configure PAN-OS as a Prisma SD-WAN DC

    Table of Contents

    Configure PAN-OS as a Prisma SD-WAN DC

    Learn to configure PAN-OS as a Prisma SD-WAN data center.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Prisma SD-WAN (Managed by Strata Cloud Manager)
    • Prisma SD-WAN
    • Advanced SD-WAN license for NGFW
    The core configuration primarily occurs on the Strata Cloud Manager (SCM). The workflow involves SCM sending a basic configuration request to the SD-WAN controller, which then orchestrates and returns the relevant Prisma SD-WAN configuration to SCM. SCM pushes this combined configuration to the NGFW device.
    The workflow to use PAN OS SD-WAN data center is:
    1. Onboard NGFW and move it to Cloud-managed devices.
    2. Enable Device Scope config.
    3. Enable Prisma SD-WAN on NGFW and push config; the device restarts.
    4. Device appears in Claimed state in Prisma SD-WAN devices.
    5. Configure NGFW LAN, WAN interfaces, and push config.
    6. Assign NGFW to DC site; by default Global VRF profile is attached.
    7. Prisma SD-WAN controller orchestrates the relevant logical router at the NGFW folder level.
    8. Add circuits to the DC site.
    9. Configure the logical router based on the routing needs.
    1. Onboard NGFW by navigating to ConfigurationNGFW and Prisma Access.
    2. Select the device you want to enable Prisma SD-WAN functionality and enable the Prisma SD-WAN flag on the widget.
      The Prisma SD-WAN widget in SCM is visible only if the device meets the supported platform, software version, and license requirements.
      If the SD-WAN license expires after the feature was enabled, the widget will still show in the web interface, but if you disable it after expiry, it will disappear until the license is renewed. If the feature was never enabled and the SD-WAN license expires, the widget will not appear on the web interface.
      This enables the Prisma SD-WAN configuration on the NGFW and causes a device to restart. This restart is required only the first time the feature flag is enabled. After it is enabled, it can be seen in the Claimed devices list.
    3. Assign the NGFW to a DC site on the Prisma SD-WAN controller. Select the device, then select Assign the device from the ellipsis menu and choose the DC site.
      You can view the assigned DC on the Device Overview in the Prisma SD-WAN widget.
    4. Add public or private circuits to the site from the DC Configuration page.
    5. Configure the LAN and WAN interfaces on the NGFW. Set IP addresses for public internet and private interfaces.
    6. Push the configuration after setting IP addresses.
    7. After the NGFW is assigned to a DC site, a logical router is orchestrated at the folder level where the NGFW resides. Navigate to the NGFW and configure the interfaces on the firewall for the public interface.
    8. Select the zone and IP address, and save it.
    9. Create a circuit on the DC site for a public circuit on the firewall. Save your changes.
    10. Push the configuration.
      After the configuration is pushed successfully, you can view the overlay connection status. You can view any alarms or incidents reported on the device on the Incidents Prisma SD-WAN page.
      You can also monitor your device from the InsightsPrisma SASEData Center.

    © 2026 Palo Alto Networks, Inc. All rights reserved.