Configure and Install the AWS Transit Gateway Integration CloudBlade

Learn how to configure and install the AWS Transit Gateway Integration CloudBlade in Prisma SD-WAN.
The following information needs to be populated to configure the AWS TGW CloudBlade:
  1. Go to Strata Cloud Manager > Manage > Prisma SD-WAN > CloudBlades.
  2. Locate the AWS Transit Gateway CloudBlade and click Configure. If this CloudBlade does not appear in the list, contact the Palo Alto Support team.
  3. Provide the AWS Access Key ID and the Access Key ID Secret retrieved from the previous step.
  4. Provide the Transit Gateway ID in the format Region:TGW-ID. Only one region must be mapped to one TGW ID. Multiple TGW entries can be populated in a comma-separated format.
  5. Provide a VPC CIDR block in the format <AWS Region:VPC_CIDR> for region based CIDRs and <CIDR> for global CIDRs for all regions in the TGW field. The VPC CIDR block must have a subnet mask between /16 and /26. Four distinct subnets are carved out for the public and private subnets on each vION. The VPC CIDR block should be in the RFC 1918 address space. The same VPC CIDR is reused in all regions in multi-region deployments.
  6. Provide the TGW GRE CIDR Block in the format <AWS Region:GRE_CIDR> for region based CIDRs and <CIDR> for global CIDRs for all regions in the TGW field. The TGW GRE Tunnel CIDR block must not overlap the VPC CIDR block. The GRE CIDR block can have any one of the following subnet masks: /8, /16, or /24. The same VPC CIDR is reused in all regions in multi-region deployments.
  7. Provide the BGP Peer IP Address CIDR in the format <AWS Region:BGP_CIDR> for region based CIDRs or <CIDR> for global CIDRs for all regions in the TGW field. Allocate a /29 IP subnet for the GRE tunnel interface on both ends. This address block can also be used for establishing core peering from both the DC vIONs with the Transit Gateway's connect peers. The CIDR block has to be in the "169.254.x.x/29" subnet as required by AWS. Only one /29 prefix is needed; the CloudBlade uses this as a base and increments as many /29 subnets as required based on the number of regions deployed.
  8. Ensure at least 2 licenses are available to deploy both v7108 IONs for each region in which you wish to deploy the Datacenter site.
  9. Click Install once all fields in the CloudBlade configuration are populated.
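
The rules in steps 4 to 7 can be checked before the values are entered. The following is an added example, not Palo Alto Networks code and not the CloudBlade's own validation. It assumes the CIDR fields accept comma-separated region entries in the same way as the TGW field; the function names and sample values are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # the "169.254.x.x" range from step 7

def parse_cidrs(value):
    """Map region -> network; a bare <CIDR> (global form) is stored under '*'."""
    nets = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        region, sep, cidr = item.rpartition(":")
        # ip_network raises ValueError if host bits are set (e.g. 10.0.0.5/24)
        nets[region if sep else "*"] = ipaddress.ip_network(cidr)
    return nets

def validate(tgw_ids, vpc, gre, bgp):
    """Return a list of rule violations; an empty list means the inputs pass."""
    errors, regions = [], []
    for entry in filter(None, (p.strip() for p in tgw_ids.split(","))):
        region, sep, tgw = entry.partition(":")
        if not sep or not tgw:
            errors.append(f"TGW entry '{entry}' is not in Region:TGW-ID format")
        elif region in regions:
            errors.append(f"{region}: mapped to more than one TGW ID")
        regions.append(region)
    vpcs, gres, bgps = parse_cidrs(vpc), parse_cidrs(gre), parse_cidrs(bgp)
    for region in dict.fromkeys(regions):  # de-duplicate, keep order
        # A region-specific entry wins over the global '*' entry
        v, g, b = (n.get(region, n.get("*")) for n in (vpcs, gres, bgps))
        if v is None or g is None or b is None:
            errors.append(f"{region}: missing VPC, GRE or BGP CIDR")
            continue
        if not 16 <= v.prefixlen <= 26:
            errors.append(f"{region}: VPC CIDR {v} mask must be between /16 and /26")
        if not any(v.subnet_of(n) for n in RFC1918):
            errors.append(f"{region}: VPC CIDR {v} is outside RFC 1918 space")
        if g.prefixlen not in (8, 16, 24):
            errors.append(f"{region}: GRE CIDR {g} mask must be /8, /16 or /24")
        if g.overlaps(v):
            errors.append(f"{region}: GRE CIDR {g} overlaps VPC CIDR {v}")
        if b.prefixlen != 29 or not b.subnet_of(LINK_LOCAL):
            errors.append(f"{region}: BGP CIDR {b} must be a /29 inside 169.254.0.0/16")
    return errors

if __name__ == "__main__":
    # Constructed sample values: two regions, global VPC and BGP CIDRs, per-region GRE CIDRs
    for problem in validate("us-east-1:tgw-0aaaaaaaaaaaaaaa1, us-west-2:tgw-0bbbbbbbbbbbbbbb2",
                            "10.100.0.0/24",
                            "us-east-1:172.16.0.0/16, us-west-2:172.17.0.0/16",
                            "169.254.100.0/29"):
        print(problem)
```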
