SD-WAN
Install the SD-WAN Plugin
Table of Contents
Expand All
|
Collapse All
SD-WAN Docs
-
-
- SD-WAN Deployment Workflow
-
- Add SD-WAN Branch or Hub Firewall
- Configure Certificate-based Authentication for Strong Security
- Quickly Add Multiple SD-WAN Devices with Bulk Import
- Configure SD-WAN Devices in HA Mode
- Onboard PAN-OS Firewalls to Prisma Access for Cloud-based Security
- Plan Your Topology for SD-WAN with Auto VPN
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
- Configure Advanced Routing for SD-WAN
Install the SD-WAN Plugin
Install the SD-WAN plugin on the Panorama™ management
server.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
A Panorama™ management server with an SD-WAN plugin
is required to configure and manage an SD-WAN deployment.
Panorama enables you to effectively configure, manage, and monitor your Palo
Alto Networks firewalls with central oversight.
The Panorama management server provides centralized monitoring and management of
multiple Palo Alto Networks Next-Generation
Firewalls. It
provides a single location from which you can oversee all applications, users, and
content traversing your network, and then use this knowledge to create application
enablement policy
rules that
protect and control the network. Using Panorama for centralized policy and
firewall management increases operational efficiency in managing and maintaining a
distributed network of firewalls.
It is important that you have Panorama with compatible PAN-OS. Refer
system requirements for SD-WAN to know the
PAN-OS and
SD-WAN compatible versions.
All the branches
and hub firewalls must be managed by a Panorama, where SD-WAN
plugin will be installed.
- When Panorama is connected to the internet, you can download and install the SD-WAN plugin directly from the Panorama web interface. The plugin needs to be installed only on the Panorama managing your SD-WAN firewalls, and not on the individual hub and branch firewalls.
- When Panorama is not connected to the internet, you must download the SD-WAN plugin from the Palo Alto Networks Customer Support Portal and upload the plugin to Panorama. The plugin needs to be installed only on the Panorama managing your SD-WAN firewalls, and not on the individual hub and branch firewalls.
Panorama is Internet-Connected
Download the SD-WAN plugin in the Panorama™ management server from the Plugins
tab.
- Select PanoramaPlugins, search for the sd_wan plugin and Check Now for the most recent version of the plugin.
- Download and Install the SD-WAN plugin.
- After you successfully install the SD-WAN plugin, select Commit and Commit to Panorama.This step is required before you can commit any configuration changes to Panorama.
- (Management Only mode only) Enable the logging disks required to store SD-WAN monitoring data.
- M-Series Appliances—All M-Series appliances come with two pairs of 8TB logging disks in RAID 1 by default. When managing firewalls leveraging SD-WAN from Panorama in Management Only mode, you must enable the first pair of logging disk pairs to store SD-WAN monitoring data.
- Enable the first pair of logging disk pairs included by default with your M-Series appliance.
> request system raid add A1 - Verify that logging Logging Disk Pair A is Available:
> show system raid detailWhen the RAID set up is complete, the following response displays:Disk Pair A Available Status clean Disk id A1 Present model : ST91000640NS size : 953869 MB status : active sync - Make the logging disk pairs available for logging.
- Select PanoramaManaged Collectors and edit the Log Collector.
- Select Disks and Add each array.
- Click OK to save your changes.
- Select CommitCommit to Panorama and Commit your changes.
- Select CommitPush to Devices, select the Collector Group, and Push your changes.
- Panorama Virtual Appliances—If you deployed your Panorama virtual appliance in Management Only mode, you must increase the system disk to 224GB to store SD-WAN monitoring data.
- Continue to set up Panorama and firewalls for SD-WAN to begin configuring your SD-WAN deployment.
Panorama is Not Internet-Connected
Download the SD-WAN plugin in the Panorama™ management server from the
Palo Alto Networks Customer Support Portal.
- Log in to the Palo Alto Networks Customer Support Portal.
- Select UpdatesSoftware Updates, and in the Filter By drop-down select Panorama Integration Plug In.
- Locate and download the SD-WAN Plug-in.
- Select PanoramaPlugins and Upload the SD-WAN plugin.
- Browse and locate the SD-WAN plugin you downloaded from the Customer Support Portal and click OK.
- Install the SD-WAN plugin.
- After you successfully install the SD-WAN plugin, select Commit and Commit to Panorama.This step is required before you can commit any configuration changes to Panorama.
- (Management Only mode only) Enable the logging disks required to store SD-WAN monitoring data.
- M-Series Appliances—All M-Series appliances come with two pairs of 8TB logging disks in RAID 1 by default. When managing firewalls leveraging SD-WAN from Panorama in Management Only mode, you must enable the first pair of logging disk pairs to store SD-WAN monitoring data.
- Enable the first pair of logging disk pairs included by default with your M-Series appliance.
> request system raid add A1 - Verify that logging Logging Disk Pair A is Available:
> show system raid detailWhen the RAID set up is complete, the following response displays:Disk Pair A Available Status clean Disk id A1 Present model : ST91000640NS size : 953869 MB status : active sync - Make the logging disk pairs available for logging.
- Select PanoramaManaged Collectors and edit the Log Collector.
- Select Disks and Add each array.
- Click OK to save your changes.
- Select CommitCommit to Panorama and Commit your changes.
- Select CommitPush to Devices, select the Collector Group, and Push your changes.
- Panorama Virtual Appliances—If you deployed your Panorama virtual appliance in Management Only mode, you must increase the system disk to 224GB to store SD-WAN monitoring data.
- Continue to set up Panorama and firewalls for SD-WAN to begin configuring your SD-WAN deployment.