Maintain uninterrupted Panorama management by creating dedicated IPSec tunnels
separate from your SD-WAN overlay, ensuring continuous control during network
disruptions.

When you have Panorama deployed without a public IP address, your SD-WAN devices rely
solely on the SD-WAN overlay network for connectivity to Panorama. This creates a
single point of failure that can result in significant outages when SD-WAN overlay
issues occur. The Dedicated Tunnel to Panorama feature addresses this
vulnerability by establishing persistent, dedicated IPSec tunnels
from your branch devices to Panorama through designated termination devices using
direct internet access (DIA) interfaces.

This feature is valuable in environments where Panorama can’t be exposed over the
internet using a public IP address. With dedicated tunnels in place, even if your
primary SD-WAN overlay network becomes unavailable, your devices can still reach
Panorama to receive configuration updates and troubleshooting commands. This
eliminates the need for manual recovery, significantly reducing downtime and
operational costs.

You can configure primary and secondary termination devices with preferred and
secondary DIA interfaces, ensuring redundant connectivity paths to Panorama. The
solution uses a separate VPN address pool for tunnel IP address assignments that
must not overlap with existing SD-WAN overlay configurations.
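
The non-overlap requirement above can be checked before any configuration is pushed. The following is an added example, not Palo Alto Networks code: the function name, the labels, and every address range are constructed for illustration, and the script reads nothing from Panorama.

```python
import ipaddress


def find_pool_conflicts(tunnel_pool, existing_ranges):
    """Return sorted (label, cidr) pairs from existing_ranges that overlap tunnel_pool.

    tunnel_pool: CIDR proposed for the dedicated-tunnel VPN address pool.
    existing_ranges: dict of label -> CIDR already used by the SD-WAN overlay.
    Raises ValueError for a malformed CIDR or one with host bits set.
    """
    # strict=True rejects entries such as 10.200.64.1/20, which usually
    # indicate a typo in the address plan rather than an intended range.
    pool = ipaddress.ip_network(tunnel_pool, strict=True)
    conflicts = []
    for label, cidr in sorted(existing_ranges.items()):
        net = ipaddress.ip_network(cidr, strict=True)
        # IPv4 and IPv6 ranges cannot collide; skip them explicitly.
        if net.version != pool.version:
            continue
        # overlaps() catches partial overlap, containment, and exact matches.
        if pool.overlaps(net):
            conflicts.append((label, str(net)))
    return conflicts


# Constructed sample address plan (hypothetical labels and ranges).
EXISTING = {
    "sdwan-overlay-vpn-pool": "10.200.0.0/16",
    "hub-loopbacks": "10.250.1.0/24",
    "branch-lan-summary": "192.168.0.0/17",
    "overlay-v6": "fd00:200::/48",
}

if __name__ == "__main__":
    for candidate in ("10.200.64.0/20", "10.201.0.0/20"):
        hits = find_pool_conflicts(candidate, EXISTING)
        if hits:
            print(f"{candidate}: REJECT, overlaps {hits}")
        else:
            print(f"{candidate}: ok, no overlap with existing ranges")
```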