Add a Standard VPN Endpoint
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Prisma SD-WAN Standard VPN
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
Add a Standard VPN Endpoint
Lets learn about the addition of third-party or standard VPN endpoints in Prisma SD-WAN.
A service endpoint is a label representing a specific location or network
service.
A service endpoint is a label representing
a specific location or network service. It can be
Prisma SD-WAN
data centers for transit services or third-party data centers. - Select.ManageResourcesService & DC Groups
- SelectManage Endpointsto an endpoint.
- SelectStandard VPNfrom the drop-down and clickAdd Endpoint.All Palo Alto Networks data center sites are automatically added whenAdmin Upis selected, which means that it can accept traffic per network policy. These endpoints cannot be deleted from the list. You can clear theAdmin Upselection to remove the endpoints from consideration when the system performs path selection per the defined network policy rules.
- Enter aName, and optionally, aDescriptionfor the service endpoint.
- SelectAdmin Upto bring it up.If you do not selectAdmin Up, the endpoint is not used in path selection for forwarding traffic.
- (Optional)SelectAllow Enterprise Trafficto explicitly allow enterprise traffic to transit through the Cloud Security Service.
- (Optional)EnterAddressof the endpoint location.
- (Optional)Add values for theIPs & Hostnamesand select the.Disable Tunnel Reoptimizationto disable the tunnel reoptimizing for latency changeWhen multiple IP addresses or URLs are configured under a Standard VPN endpoint, the ION device probes each endpoint IP address (it will resolve the URLs if configured) to determine the lowest latency endpoint. After the lowest latency endpoint is determined, the ION device builds the Standard VPN tunnel to that IP address. If the configuration liveliness check fails, then it uses the next lowest latency endpoint IP address in the list. Additionally, the ION device tracks the current latency to each endpoint IP address, and, if there is a significant change in the latency to the closest endpoint from the current endpoint, the tunnel is moved.
- (Optional)EnterLiveliness Probeinformation for liveliness probing.For ICMP PING, enter values for probing interval, failure count, and IP address. For HTTP, enter values for probing interval, failure count, HTTP status codes, and URL.
- Save & Exitthe endpoints dialog.After adding the endpoints, proceed to add groups and add domains.