Onboard a Non-ECMP Site

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Onboard an ECMP Site

Prisma Access CloudBlade Tag Information

Onboard a Non-ECMP Site

Onboard a non-ecmp site and assign interface level tags for non-ecmp sites.

Where Can I Use This?	What Do I Need?
Prisma Access CloudBlade (Panorama Managed). Prisma Access CloudBlade (Cloud Managed).	Prisma SD-WAN License. Prisma Access for Networks Subscription. Supported Cloud plugin Versions. Prisma Access CloudBlade (Cloud Managed) version 3.x.x and later. Prisma Access CloudBlade (Panorama Managed) versions 3.x.x and 4.x.x.

After configuring the CloudBlade, you can integrate Prisma SD-WAN and Prisma Access for Networks. The most basic onboarding for the CloudBlade can be done in two simple steps:

Configure circuit categories.
1. Navigate to ManagePrisma SD-WANResourcesCircuit Categories.
2. From the list of Circuit Categories displayed, select the ellipsis for the category that you would like to modify.
3. Under TAGS, apply the prisma_region:<region>:<SPN> tag to enable the circuit category for Prisma Access.
4. Once applied, the circuit category will reflect that it's enabled and tagged for Prisma Access.
5. Repeat this set of steps to enable Prisma Access on the appropriate circuits.
Configure site tags.
1. Locate a site in Prisma SD-WAN to onboard to Prisma Access by navigating to WorkflowsPrisma SD-WAN SetupBranch Sites.
2. Select a site to modify and on the Configuration screen, click the edit icon.
3. On the Edit Site screen, select or type prisma_access in the Tags field.
  
  Once this configuration is completed, on the next integration run, the CloudBlade will begin the onboarding process to connect the Prisma SD-WAN ION device and Prisma Access. This process takes place through one or more IPSec tunnels, depending on how many interfaces and tags are configured. This can take several integration cycles for all the tunnels to appear and be active on the Prisma SD-WAN web interface.
Configure BGP
1. Click the extended prisma_access tag and navigate to the BGP section.
  
  You can also view or change the BGP settings for Prisma Access from the BGP section.
  
  If the site already has a Global BGP configuration, this won't change the AS parameters under RoutingBGP.
2. (Optional) Select Prisma SD-WAN receive Default Route from Prisma Access if needed.
  
  At this time, this can be left unchecked based on how Prisma SD-WAN instantiates the Standard VPN to Prisma Access.
3. (Optional) Select Prisma forward received Branch Routes from Prisma SD-WAN if needed.

Assign Interface-Level Tags for Non-ECMP Sites

Tag interfaces appropriately to add them to a non-ECMP deployment for Prisma Access.

In aggregate bandwidth mode, tag the appropriate interface as prisma_region:region_name:node_name in the Tags field.
In non-aggregate bandwidth mode, tag the appropriate interface as prisma_region:node_name in the Tags field.

Onboard an ECMP Site

Prisma Access CloudBlade Tag Information

Prisma SD-WAN Docs

Onboard a Non-ECMP Site

Prisma SD-WAN Docs

Onboard a Non-ECMP Site

Assign Interface-Level Tags for Non-ECMP Sites

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices