Finalize Azure Configuration
Table of Contents
Finalize Azure Configuration
- Login to the Azure Portal and go into the Resource group that was created via the deployment template select the VNET object.
- Enter the Peerings configuration section to set up VNET peering between thePrisma SD-WANVNET and each of your application VNETs.
- Add a VNET peering relationship from thePrisma SD-WANVNET to the application VNETs.Specify the VNET you wish to peer with from the drop-down, select the checkbox to allow traffic to and from the remote VNET. Once complete, verify the peering status is connected.
- In order for return traffic from the application back to the on-premise networks to be sent through thePrisma SD-WANVPN, add a static virtual appliance route in the application VNET subnet route table pointing back to the ION as the next hop for corporate subnets.In the below example, 10.19.2.4 is the IP address of the Peering port of the ION 7K and 10.100.0.0/16 is the summary prefix of all remote sites that havePrisma SD-WANIONs deployed.
It is assumed a route table is already deployed within the application VNET for which the application VMs are associated, including the relevant subnet associations. - Advertise the Azure application VNET prefixes into thePrisma SD-WANfabric by defining them on the Azure data center site. From thePrisma SD-WANportal, go to to bring up the menu toAdd IP Prefixes.
Once complete, traffic destined to the prefix (10.20.0.0/24) will be sent directly to Azure over one or morePrisma SD-WANInternet VPN paths.This assumes that the traffic destined to these applications and prefixes match a path policy rule that allows VPN over a public path.