Configure and Install Prisma Access for Networks (managed by Panorama)
Configure the Prisma SD-WAN CloudBlade to prepare the Prisma SD-WAN Controller for integration.
- From the Prisma SD-WAN web interface, select CloudBlades.
- In CloudBlades, locate the Prisma Access for Networks Integration (managed by Panorama) CloudBlade and click Configure. If this CloudBlade does not appear in the list, contact Prisma SD-WAN Support.
- Select the Prisma Access for Networks (managed by Panorama) CloudBlade to view the CloudBlade Installation page. Enter the following information in the fields, changing values where appropriate:
  - VERSION: Select the version of the Prisma Access for Networks (managed by Panorama) CloudBlade.
  - ADMIN STATE: Select or retain Enabled.
  - PANORAMA SERIAL NUMBER: Enter the serial number of the Panorama API endpoint.
  - PANORAMA AUTHORIZATION KEY: Enter the same key that was set in the Panorama console for the Prisma SD-WAN integration.
  - ION PEERING DEFAULT LOCAL AS NUMBER: Starting with version 2.0.3 and higher, a BGP Local AS number is defined to quickly on-board ECMP sites. This can be any 16-bit AS number, but private BGP AS numbers are recommended.
  - TUNNEL IDENTIFIER, PRISMA ACCESS FOR NETWORKS SIDE: Enter an FQDN IKE identifier in name@domain.com format. Prisma Access uses this identifier to identify remote tunnel connections.
  - TUNNEL IDENTIFIER TEMPLATE, PRISMA SD-WAN SIDE: Enter an FQDN IKE identifier in name@domain.com format. This identifier should be different from the Prisma Access identifier. It is used as a template to generate a unique ID per tunnel.
  - TUNNEL INNER IP POOL: Specify an IP pool using IP/Mask notation. This IP pool should be unused or unique across the entire network and should not be used by the Palo Alto Service Infrastructure Subnet. If you wish to change the IP prefix specified here, first disable the CloudBlade and ensure all service links are cleared. Then change the IP CIDR to the required value and enable the CloudBlade to allocate tunnels based on the new IP CIDR. The number of tunnels that can be created from the Prisma SD-WAN Fabric to Prisma Access is directly limited by this configuration. Each tunnel uses a /31 subnet from this pool.
  - TUNNEL PSK SEED: Specify a string of text that will be used to derive the unique pre-shared keys (PSKs) used per tunnel.
  - (Optional) PANORAMA TENANT NAME: Specify the Tenant Name that will be used for Remote Networks with the CloudBlade.
  - ENFORCE DEFAULT PRISMA SD-WAN LIVELINESS PROBES: For Prisma Access, the default is to leverage an ICMP probe to the last Prisma Access Infrastructure IP address.
- Click Install after the settings are configured. If you select or change the version of the CloudBlade, you must re-enter all the configuration values for that particular CloudBlade version.
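
A pre-flight check for the values entered above, as an added example (not Palo Alto Networks code): it counts how many /31 tunnels the TUNNEL INNER IP POOL can supply, rejects a pool that overlaps a reserved prefix, and checks the AS number and the two IKE identifiers against the constraints listed. The dictionary keys, the `reserved` input and all sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Field keys below are hypothetical names for the CloudBlade form fields.
PRIVATE_AS_16 = range(64512, 65535)  # private 16-bit AS numbers (RFC 6996)
IKE_ID = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def tunnel_capacity(pool):
    """Tunnels the inner IP pool can supply: one /31 per tunnel."""
    net = ipaddress.ip_network(pool, strict=True)  # raises if host bits are set
    return 2 ** (31 - net.prefixlen) if net.prefixlen <= 31 else 0

def preflight(cfg, reserved, planned_tunnels):
    """Return (errors, warnings). `reserved` maps a label to a prefix the
    pool must not touch, e.g. the service infrastructure subnet."""
    errors, warnings = [], []
    pool = ipaddress.ip_network(cfg["inner_ip_pool"], strict=True)
    for label, prefix in reserved.items():
        if pool.overlaps(ipaddress.ip_network(prefix)):
            errors.append(f"inner IP pool overlaps {label} ({prefix})")
    capacity = tunnel_capacity(cfg["inner_ip_pool"])
    if capacity < planned_tunnels:
        errors.append(f"pool yields {capacity} tunnels, {planned_tunnels} planned")
    if not 1 <= cfg["local_as"] <= 65535:
        errors.append("local AS is outside the 16-bit range 1-65535")
    elif cfg["local_as"] not in PRIVATE_AS_16:
        warnings.append("local AS is not in the private 16-bit range")
    ids = (cfg["pa_ike_id"], cfg["sdwan_ike_id_template"])
    for value in ids:
        if not IKE_ID.match(value):
            errors.append(f"IKE identifier {value!r} is not in name@domain.com format")
    if ids[0].lower() == ids[1].lower():
        errors.append("both tunnel sides use the same IKE identifier")
    return errors, warnings

# Constructed sample values, not taken from any real deployment.
SAMPLE = {"inner_ip_pool": "10.250.0.0/24", "local_as": 64512,
          "pa_ike_id": "prisma@example.com",
          "sdwan_ike_id_template": "ion@example.com"}
RESERVED = {"service infrastructure subnet": "172.16.55.0/24",
            "branch LAN": "10.20.0.0/16"}

if __name__ == "__main__":
    print(tunnel_capacity(SAMPLE["inner_ip_pool"]))
    print(preflight(SAMPLE, RESERVED, planned_tunnels=100))
```

Sizing the pool before installation matters because changing it later requires disabling the CloudBlade and clearing all service links.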