Onboard a Non-ECMP Enabled Site
Expand all | Collapse all
Onboard a Non-ECMP Enabled Site
Once the CloudBlade is configured, and the
Docker container is running and configured, you can integrate Prisma
SD-WAN and Palo Alto Prisma Access for Networks.
The
following steps differ from the previous 1.x version of the CloudBlade.
However, the previous method of tagging sites and interfaces will
still work to maintain backward compatibility and facilitate migrations.
The
most basic onboarding for the CloudBlade can be done in two simple
steps:
Configure circuit categories.
From the list of
Circuit Categories
displayed,
select the ellipsis for the category that you would like to modify.
Under
TAGS
, apply the
prisma_access
tag
to enable the circuit category for Prisma Access.
Once applied, the circuit category will reflect that
it is enabled/tagged for Prisma Access.
Repeat this set of steps to enable Prisma Access on
the appropriate circuits.
Configure
site tag(s).
Locate a site to onboard to Prisma Access
by navigating to or .
Select a site to modify and on the site summary screen,
click the
Edit
icon.
On the
Edit Site
screen, select
or type
prisma_access
in the
Tags
field.
Once this configuration is completed, on the next integration
run, the CloudBlade will begin the onboarding process to connect
the Prisma SD-WAN ION device and Prisma Access. This process takes
place through one or more IPSec tunnels, depending on how many interfaces
and tags are configured. Note that it may take several integration
cycles for all the tunnels to appear and be active on the Prisma
SD-WAN portal.
The default integration delay timer is 180 seconds, and can
be modified with the
ENV
var or YAML entry
RUN_INTERVAL
.
The delay timer is in addition to the time needed to execute the
integration. So, if the run takes 10 minutes, it will be 180 seconds
before the next run is attempted.