Prisma SD-WAN
Determine IPSec Termination Nodes
Determine the nodes to begin configuration of a Remote Networking on-boarding for the
Panorama and Cloud Managed CloudBlades.
Determine the nodes to begin configuration of a Remote Networking on-boarding and select
the appropriate region or location for both Panorama Managed and Cloud Managed
CloudBlades.
Determine IPSec Termination Nodes (Panorama Managed CloudBlade)
Use Method 1 or Method 2 to determine the IPSec termination nodes for the Panorama
Managed CloudBlade and begin configuration of a Remote Networking on-boarding.
In our example of the first method to determine the IPSec termination nodes, we use US
East as the location, which has two nodes behind it.
- Click the IPSec Termination Node drop-down to view the list of IPSec termination nodes.
These node names are listed in the order they are deployed on the backend, not alphabetically. The order of appearance of the two IPSec termination nodes is:
- us-east-charlock
- us-east-banyan
Determine IPSec Termination Nodes Method #2
The second method to obtain the IPSec Termination Nodes within Prisma
Access for Networks is through the Panorama API. Within the API, the
abbreviation SPN refers to the IPSec Termination Nodes.
In Panorama, navigate to the following subtree in the API,
clicking each item listed in the bullets (notice the variation for single-tenant
versus multitenant).
Single Tenant Environment
https://panorama/api
- config
- devices
- localhost.localdomain (or appropriate name)
- plugins
- cloud_services
- remote-networks
- agg-bandwidth
Multi-Tenant Environment
https://panorama/api
- Configuration Commands
- devices
- localhost.localdomain (or appropriate name)
- plugins
- cloud_services
- multi-tenant
- tenants
- default-tenant
- remote-networks
- agg-bandwidth
The output of the API is similar to the following:
```xml
<response status="success" code="19">
  <result total-count="1" count="1">
    <agg-bandwidth>
      <enabled>yes</enabled>
      <region>
        <entry name="europe-central">
          <allocated-bw>100</allocated-bw>
          <spn-name-list>
            <member>europe-central-aspen</member>
          </spn-name-list>
        </entry>
        <entry name="us-east">
          <allocated-bw>600</allocated-bw>
          <spn-name-list>
            <member>us-east-charlock</member>
            <member>us-east-banyan</member>
          </spn-name-list>
        </entry>
        <entry name="canada-central">
          <allocated-bw>100</allocated-bw>
          <spn-name-list>
```
A sample from the web interface would also look similar to the above. The
region name (us-east) appears first in the list, followed by the node
names underneath.
The IPSec Termination Node names are listed below the entry named
spn-name-list with indentation. The order seen here is the
same order as the Panorama interface shown in the previous section.
IPSec Termination Node Conventions and Tag Nomenclature
With the information obtained above from our nodes for
us-east, the tagging methodology for the CloudBlade can
now be determined. The tag constructs for the CloudBlade with Aggregate
Bandwidth licensing would look as follows:
Prisma_region: <<region name>>:<<IPSec Termination Node Name or Number>>
With this construct, the tags for the interfaces will look similar to the
following:
prisma_region:us-east-1:us-east-charlock
prisma_region:us-east-1:us-east-banyan
OR
prisma_region:us-east-1:1
prisma_region:us-east-1:2
The node name (us-east-charlock) or order that the node appears in the list (1) can
both be used in the naming convention for the interface tags.
To assist with the automation of the scripts and deployments, the Prisma SD-WAN
Tagger Utility Script can be used to help create or
configure the tags.
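The following Python sketch is an added example, not Palo Alto Networks code and not the Tagger Utility Script: it reads an agg-bandwidth API response like the one above and builds both tag forms, keeping the API's node order because the numeric form depends on it. The sample XML is constructed from the page's output, the function names are hypothetical, and the region tag code (us-east-1) is passed in as it appears in the page's example tags.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the response shown above, cut down to two regions and
# closed so that it is well-formed XML.
SAMPLE_RESPONSE = """<response status="success" code="19">
<result total-count="1" count="1"><agg-bandwidth><enabled>yes</enabled><region>
<entry name="europe-central"><allocated-bw>100</allocated-bw>
<spn-name-list><member>europe-central-aspen</member></spn-name-list></entry>
<entry name="us-east"><allocated-bw>600</allocated-bw>
<spn-name-list><member>us-east-charlock</member><member>us-east-banyan</member></spn-name-list></entry>
</region></agg-bandwidth></result></response>"""

def spn_nodes_by_region(xml_text):
    """Map region name -> node names, kept in the order the API returned them."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    regions = {}
    for entry in root.findall(".//agg-bandwidth/region/entry"):
        members = entry.findall("./spn-name-list/member")
        # Never sort: the numeric tag form depends on deployment order.
        regions[entry.get("name")] = [m.text.strip() for m in members]
    return regions

def build_tags(tag_code, nodes):
    """Return (tags by node name, tags by 1-based list position)."""
    by_name = ["prisma_region:%s:%s" % (tag_code, n) for n in nodes]
    by_number = ["prisma_region:%s:%d" % (tag_code, i) for i in range(1, len(nodes) + 1)]
    return by_name, by_number

def resolve_tag(tag, nodes):
    """Return the node name a tag points at, or raise if it matches no node."""
    prefix, _tag_code, node = tag.split(":")
    if prefix != "prisma_region":
        raise ValueError("not a prisma_region tag: %r" % tag)
    if node.isdigit():
        index = int(node)
        if not 1 <= index <= len(nodes):
            raise ValueError("node number %d out of range 1..%d" % (index, len(nodes)))
        return nodes[index - 1]
    if node not in nodes:
        raise ValueError("unknown node name %r" % node)
    return node

if __name__ == "__main__":
    nodes = spn_nodes_by_region(SAMPLE_RESPONSE)["us-east"]
    for tags in build_tags("us-east-1", nodes):  # tag code taken from the page's example
        print("\n".join(tags))
```

Running `resolve_tag` over the tags already set on interfaces catches a numeric tag that points past the end of the node list, or a node name that the region no longer returns.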
Determine IPSec Termination Nodes (Cloud Managed CloudBlade)
Determine the IPSec termination nodes in the Cloud Managed CloudBlade to begin
configuration of a Remote Networking on-boarding.
- In Prisma Access, go to Workflows > Prisma Access Setup > Add Remote Network > Add Remote Network.
- In the General section, select a region from the Prisma Access Location drop-down.
- After you choose the location, select one of the available SPN names from the IPSec Termination Node drop-down.
IPSec Termination Node Conventions and Tag Nomenclature
Below is an example for the tagging methodology and tag constructs with aggregate bandwidth licensing for the CloudBlade.
Prisma_region: <<region name>>:<<IPSec Termination Node Name or Number>>
With this construct, the tags for the interfaces will look similar to the following. For example:
prisma_region:eu-west-3:france-north-portia
prisma_region:eu-west-3:france-north-bluebells
OR
prisma_region:eu-west-3:1
prisma_region:eu-west-3:2
The node name (france-north-portia) or order that the node appears in the list (1) can both be used in the naming convention for the interface tags.
You can refer to the region tag codes of the Prisma Access Regions.
To aid in automating scripts and deployments, the Prisma SD-WAN Tagger script can also be used to create or configure the tags.