Log in to the Azure Portal, go to the Resource group that was created via the deployment template, and select the VNET object.
Enter the Peerings configuration section to set up VNET peering between the Prisma SD-WAN VNET and each of your application VNETs.
Add a VNET peering relationship from the Prisma SD-WAN VNET to the application VNETs.
Specify the VNET you wish to peer with from the drop-down, and select the checkbox to allow traffic to and from the remote VNET.
Once complete, verify that the peering status is connected.
For return traffic from the application back to the on-premises networks to be sent through the Prisma SD-WAN VPN, add a static virtual appliance route in the application VNET subnet route table, pointing back to the ION as the next hop for corporate subnets.
In the example below, 10.19.2.4 is the IP address of the Peering port of the ION 7K and 10.100.0.0/16 is the summary prefix of all remote sites that have Prisma SD-WAN IONs deployed.
It is assumed that a route table is already deployed within the application VNET with which the application VMs are associated, including the relevant subnet associations.
Advertise the Azure application VNET prefixes into the Prisma SD-WAN fabric by defining them on the Azure data center site.
From the Prisma SD-WAN portal, go to Map > Azure Site > Site to bring up the menu to Add IP Prefixes.
Once complete, traffic destined to the prefix (10.20.0.0/24) will be sent directly to Azure over one or more Prisma SD-WAN Internet VPN paths.
This assumes that the traffic destined to these applications and prefixes matches a path policy rule that allows VPN over a public path.
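
One way to check the result of the peering and route steps above offline, as an added example that is not part of the Prisma SD-WAN documentation: it audits the peering state and the application route table, using the 10.19.2.4 and 10.100.0.0/16 values from the text. The input is a constructed sample whose field names follow Azure CLI JSON output; the resource names are hypothetical and only IPv4 prefixes are assumed.

```python
import ipaddress

ION_PEERING_IP = "10.19.2.4"        # ION peering-port address, from the text
REMOTE_SUMMARY = "10.100.0.0/16"    # remote-site summary prefix, from the text

# Constructed sample, shaped like `az network vnet peering list` and
# `az network route-table show` output. All resource names are hypothetical.
SAMPLE = {
    "peerings": [{"name": "app-to-sdwan", "peeringState": "Connected",
                  "allowVirtualNetworkAccess": True}],
    "routes": [
        {"name": "corp-via-ion", "addressPrefix": "10.100.0.0/16",
         "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.19.2.4"},
        {"name": "lab-direct", "addressPrefix": "10.100.50.0/24",
         "nextHopType": "Internet", "nextHopIpAddress": None},
    ],
}


def audit(config, summary=REMOTE_SUMMARY, ion_ip=ION_PEERING_IP):
    """Return a list of findings; an empty list means the return path is sound."""
    findings = []
    for p in config["peerings"]:
        if p.get("peeringState") != "Connected":
            findings.append(f"peering {p['name']}: state is {p.get('peeringState')}")
        if not p.get("allowVirtualNetworkAccess"):
            findings.append(f"peering {p['name']}: remote VNET traffic not allowed")
    corp = ipaddress.ip_network(summary)
    covered = False
    for r in config["routes"]:
        prefix = ipaddress.ip_network(r["addressPrefix"])
        via_ion = (r["nextHopType"] == "VirtualAppliance"
                   and r.get("nextHopIpAddress") == ion_ip)
        if via_ion and corp.subnet_of(prefix):
            covered = True          # the summary (or a supernet) points at the ION
        elif not via_ion and prefix.subnet_of(corp):
            # Longest-prefix match lets an equal or more specific route win, so
            # part of the corporate range would return outside the VPN.
            findings.append(f"route {r['name']}: {prefix} bypasses the ION")
    if not covered:
        findings.append(f"no route sends {corp} to {ion_ip}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["return path OK"]:
        print(line)
```

In the constructed sample the summary route is correct, but the more specific 10.100.50.0/24 route is reported because return traffic for that range would not pass through the ION.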