Add SD-WAN branch and hub devices.
SD-WAN devices are branches or hubs that make up your VPN cluster and SD-WAN topology.
Enter a name that identifies the SD-WAN device.
Select the type of SD-WAN device:
Virtual Router Name
Select the virtual router to use for routing between the SD-WAN hub and branches. By default, an
sdwan-defaultvirtual router is created and enables Panorama to automatically push router configurations.
Enter a user-friendly site name that identifies the hub or branch. For example, enter the city name where the branch device is deployed.
PAN-OS 10.0.3 and later 10.0 releases) For a hub, select the Link Tag that you created for a hub virtual interface so the hub can participate in DIA AnyPath. Auto VPN applies this link tag to the whole hub virtual interface, not an individual link. You reference this Link Tag in the Traffic Distribution Profile to indicate the order of failover to this hub virtual interface. On the branch device, Auto VPN uses this tag to populate the Link Tag field on the SD-WAN virtual interface that terminates on the hub device.
Addone or more security zones to identify traffic going to and coming from untrusted sources.
Addone or more security zones to identify traffic going to and coming from the SD-WAN hub devices.
Addone or more security zones to identify traffic going to and coming from the SD-WAN branch devices.
Addone or more security zones to identify traffic going to and coming from the trusted devices on the corporate network.
Specify the BGP router ID. The Border Gateway Protocol (BGP) router ID must be unique between all routers.
Use the Loopback Address as the Router ID.
Specify a static loopback IPv4 address for BGP peering.
Enter the Autonomous System number to define a commonly defined routing policy to the internet. The AS number must unique for every hub and branch location.
Use a 4-byte private BGP AS number to not interfere with any publicly routable AS number.
Redistribution Profile Name
Select or create a redistribution profile to control which local prefixes are communicated to the hub router from the branch. By default, all locally connected internet prefixes are advertised to the hub location.
Palo Alto Networks does not redistribute the branch office default route(s) learned from the ISP.
Recommended For You
Recommended videos not found.