Integrate Prisma Access with Cisco Meraki SD-WAN (Site Based Licensing)

Learn how to integrate Prisma Access with Cisco Meraki in the site-based licensing model.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
  • Physical Cisco Meraki (MX or Z) devices or virtual Cisco Meraki (vMX) devices with a minimum version of 15.12
For Cisco Meraki integration with Prisma Access, the site-based licensing model changes how you onboard and manage remote sites. When you enable a Meraki network for Prisma Access connectivity, you no longer select an IPsec termination node (SPN); instead, you select the appropriate site type from the options available under your licensing. The integration service automatically creates the necessary objects, including the Site Container, Remote Network, IKE Gateway, and IPsec Tunnel.
Site-based licensing introduces the concept of site types with predefined bandwidth tiers. This model allows you to purchase licenses for the number of sites you need, categorized by these bandwidth tiers, without having to pre-allocate bandwidth to specific regions.
  • Very Small (25 Mbps)
  • Small (50 Mbps)
  • Medium (250 Mbps)
  • Large (1 Gbps)
  • X-Large (2.5 Gbps)
Ensure you meet the following requirements before you integrate Prisma Access with Cisco Meraki in a site-based licensing model:
Prisma Access requirements:
  • Update Prisma Access to version 6.x.x or later.
Cisco Meraki requirements:
  • Active Cisco Meraki Dashboard subscription
  • Physical Cisco Meraki (MX or Z) devices or virtual Cisco Meraki (vMX) devices with a minimum version of 15.12 in Cisco Meraki Hub or Spoke networks
  • Cisco Meraki devices should be in Appliance or Combined type networks
  • Cisco Meraki networks with VPN Mode enabled in the Site-to-Site VPN configuration
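The Cisco Meraki requirements above can be checked against an exported inventory before you enable the integration, so that networks which will not appear in Discovered Sites are known in advance. The following Python is an added example, not Palo Alto Networks or Cisco code and not the integration's own discovery logic; the record layout (productTypes, vpnMode, devices, firmware strings such as wired-15-44) and the sample inventory are constructed assumptions.

```python
import re

MIN_FIRMWARE = (15, 12)                  # minimum version stated on this page
ELIGIBLE_MODELS = ("MX", "Z", "VMX")     # physical MX/Z and virtual vMX
ELIGIBLE_VPN_MODES = {"hub", "spoke"}    # VPN Mode must be enabled as Hub or Spoke

# Constructed inventory (assumed record layout, not real data).
SAMPLE_NETWORKS = [
    {"name": "branch-a", "productTypes": ["appliance", "switch"], "vpnMode": "spoke",
     "devices": [{"model": "MX68", "firmware": "wired-18-107"}]},
    {"name": "branch-b", "productTypes": ["appliance"], "vpnMode": "none",
     "devices": [{"model": "MX64", "firmware": "wired-14-53"}]},
    {"name": "campus-wifi", "productTypes": ["wireless"], "vpnMode": None,
     "devices": [{"model": "MR46", "firmware": "wireless-30-5"}]},
]

def firmware_version(fw):
    """Parse strings such as 'wired-15-44' or '15.12' into (major, minor)."""
    m = re.search(r"(\d+)[-.](\d+)", fw or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def check_network(net):
    """Return the unmet requirements; an empty list means the network qualifies."""
    problems = []
    # A Combined network lists several product types, one of them "appliance".
    if "appliance" not in net.get("productTypes", []):
        problems.append("not an Appliance or Combined network")
    if net.get("vpnMode") not in ELIGIBLE_VPN_MODES:
        problems.append("site-to-site VPN mode is not hub or spoke")
    devices = [d for d in net.get("devices", [])
               if d.get("model", "").upper().startswith(ELIGIBLE_MODELS)]
    if not devices:
        problems.append("no MX, Z or vMX device in the network")
    for d in devices:
        version = firmware_version(d.get("firmware"))
        if version is None or version < MIN_FIRMWARE:
            problems.append(f"{d['model']} firmware {d.get('firmware')!r} "
                            "is missing or below 15.12")
    return problems

def eligible_sites(networks):
    """Names of networks that meet every requirement checked above."""
    return [n["name"] for n in networks if not check_network(n)]

if __name__ == "__main__":
    for net in SAMPLE_NETWORKS:
        print(net["name"], check_network(net) or "eligible")
```

The Dashboard subscription requirement is not visible in an inventory like this and still has to be confirmed separately.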
To secure a Cisco Meraki SD-WAN with Prisma Access, complete the following steps.
  1. Configure the Cisco Meraki SD-WAN based on the requirements mentioned above.
    1. In Strata Cloud Manager, go to System Settings > Integrations > Third Party SD-WAN.
    2. Locate the Cisco Meraki Integration with Prisma Access application.
      Contact your Palo Alto Networks account team if you don’t see this integration option.
  2. Enter the information needed to establish a connection between Prisma Access and Cisco Meraki by editing the Settings.
    1. Generate a Cisco Meraki API key in the Cisco Meraki dashboard, and enter the key information.
    2. Enter the PSK Seed, which is a string used to derive pre-shared keys (PSKs) per tunnel.
    3. (Optional) Enter an FQDN IKE identifier as the Local Identifier in the following syntax: name@domain.com.
      This identifier acts as a template to generate a unique ID per tunnel.
    4. Set the Admin State as Enabled.
      You can set Admin State in the following modes:
      • Enabled: Enables the integration to discover new networks on Cisco Meraki that are eligible for tunnel formation with Prisma Access. Additionally, this verifies current configurations.
      • Disabled: Disables the integration and removes all configurations that were created, in Prisma Access as well as in Cisco Meraki, when the connection between them was set up.
        Upon disabling, the system will initiate a complete teardown of all configurations and objects on both Prisma Access and Cisco Meraki.
      • Paused: When you pause the integration, you can no longer add new networks or remove any unconfigured networks. However, the current configurations don't change.
    5. Check Connectivity to verify the connection.
    6. Save the changes.
      Each time you change settings or configurations, you must Check Connectivity before you can Save the changes.
      After you save the changes, you can see the Cisco Meraki networks eligible for tunnel formation with Prisma Access in Discovered Sites. Cisco Meraki networks are displayed as sites here. It might take some time to view the discovered sites.
  3. Establish the tunnel setup between Prisma Access and Cisco Meraki devices.
    1. View the discovered Cisco Meraki networks and their information by clicking the site count.
      The integration checks every 3 hours for new Cisco Meraki networks. You can also initiate an on-demand site discovery.
    2. (Optional) Select the nearest Prisma Access Location for the networks.
      The first 50 regions in the list are automatically sorted by closest proximity to the network's latitude and longitude. You can scroll down to find other regions if needed.
    3. Select the appropriate site type from the drop-down menu, based on your purchased licenses.
      The smallest available site type is selected by default, but you can change it.
    4. You can use the filter options to search for sites by site name, devices, or tags.
      If you use the aggregate bandwidth SPN model, the previous user interface is displayed. That version requires you to select an IPsec termination node, and shows only regions where you have already allocated compute resources.
    5. Select the Cisco Meraki network and toggle the Enable option to establish a tunnel with Prisma Access.
    6. Update the changes.
      You can view all the Enabled Sites and Configured Sites in the Cisco Meraki Integration with Prisma Access application.
  4. Verify the changes in Prisma Access.
    1. Go to System Settings > Integrations > Third Party SD-WAN.
    2. Locate the Cisco Meraki Integration with Prisma Access and select Remote Networks - Cisco Meraki Integration with Prisma Access.
    3. In the Branch Sites Management screen, you can:
      • View the number of site licenses purchased (acquired) and how many of those are currently in use (allocated) for different bandwidth tiers.
      • Verify the tunnel status for sites where the Config Status of Cisco Meraki networks shows configured.
    4. Select Log Viewer > Common > Audit to view Cisco Meraki Integration with Prisma Access logs.
      The Log Source specifies if the changes were made in Prisma Access or in the Cisco Meraki dashboard.
    5. (Optional) View errors or warnings in Messages.
  5. Verify the tunnel status in the Cisco Meraki dashboard.
    1. Log in to the dashboard, and select Security & SD-WAN > Monitor > VPN Status.
    2. Check the status for non-Meraki peers.
    3. View the logs under Network-wide > Event Log for non-Meraki event types.
      Contact Cisco Systems support for any errors you see in the Cisco Meraki networks and dashboard.

On-Demand Site Discovery

You can initiate network discoveries anytime to view new networks added in the Cisco Meraki dashboard. You can also initiate network discoveries to resolve any misconfiguration in the integration-created objects. To initiate on-demand network discovery, perform the following steps:
  1. Select Settings > Integrations > Third Party SD-WAN.
  2. Locate the Cisco Meraki Integration with Prisma Access application.
  3. View the discovered Meraki networks and their information by clicking the site count.
  4. Discover Sites to identify new eligible Cisco Meraki networks when required.