Assign tags to objects in the Prisma SD-WAN

In
Strata Cloud Manager
, go to
Workflows
Branch Sites
and select the site that needs to be tagged.
Select the edit icon, and in the
Tags
(case sensitive.) field, add the
azure_enabled
tag and enable it for Azure vWAN.
Select
Done
.
Now, tag the interface that you can use to establish a Standard tunnel to the virtual WAN. Go to
Workflows
Devices
and select the device to view the device configuration screen. Locate the interfaces tab, select the interface connected to the circuit you want to use to build the tunnel to Azure, and add a region-specific tag that corresponds to the region the vWAN Hub you want to connect to is in (e.g.
azure_enabled_eastus
).
This interface must have a public IP address configured statically or via DHCP, or if behind a NAT device one must have the
External NAT Address & Port
defined under the Advanced Options for this interface.
In version 1.0.1, an Azure vWAN limitation restricts tagging and using only one interface to build a tunnel to a single vWAN hub in Azure. This restriction prevents the use of multiple transports to connect to the same vWAN hub. However, starting from version 2.0.1, Azure has removed this limitation, allowing multiple interfaces to build tunnels to the same vWAN hub. This enables the use of these tunnels in active/active mode for enhanced connectivity to the vWAN hub
After completing this configuration, the next integration cycle (approximately 60 seconds) will initiate the creation and onboarding of Standard IPSEC tunnels between the Prisma SD-WAN ION and the Azure virtual WAN Hub. It may take several cycles for the tunnels to appear and become active on the Prisma SD-WAN and for the VPN site objects to show up in the Azure.