Onboard a Non-ECMP Enabled Site
Table of Contents
Onboard a Non-ECMP Enabled Site
Once the CloudBlade is configured, and the
Docker container is running and configured, you can integrate Prisma
SD-WAN and Palo Alto Prisma Access for Networks.
The
following steps differ from the previous 1.x version of the CloudBlade.
However, the previous method of tagging sites and interfaces will
still work to maintain backward compatibility and facilitate migrations.
The
most basic onboarding for the CloudBlade can be done in two simple
steps:
- Configure circuit categories.
- Navigate to
- From the list ofCircuit Categoriesdisplayed, select the ellipsis for the category that you would like to modify.
- UnderTAGS, apply theprisma_accesstag to enable the circuit category for Prisma Access.
- Once applied, the circuit category will reflect that it is enabled/tagged for Prisma Access.
- Repeat this set of steps to enable Prisma Access on the appropriate circuits.
- Configure site tag(s).
- Locate a site to onboard to Prisma Access by navigating to or .
- Select a site to modify and on the site summary screen, click theEditicon.
- On theEdit Sitescreen, select or typeprisma_accessin theTagsfield.
Once this configuration is completed, on the next integration run, the CloudBlade will begin the onboarding process to connect the Prisma SD-WAN ION device and Prisma Access. This process takes place through one or more IPSec tunnels, depending on how many interfaces and tags are configured. Note that it may take several integration cycles for all the tunnels to appear and be active on the Prisma SD-WAN portal.The default integration delay timer is 180 seconds, and can be modified with theENVvar or YAML entryRUN_INTERVAL. The delay timer is in addition to the time needed to execute the integration. So, if the run takes 10 minutes, it will be 180 seconds before the next run is attempted.