Connect a Single or Multiple Prisma SD-WAN Sites to Prisma Access

Learn how to integrate Prisma SD-WAN sites with Prisma Access and use this workflow to onboard a Prisma SD-WAN site to Prisma Access.
Where Can I Use This? / What Do I Need?
  • Strata Cloud Manager
  • Prisma SD-WAN
    • Prisma SD-WAN license
    • Prisma SD-WAN AppFabric deployed at one or more locations.
    • Physical and/or virtual ION devices running software versions 5.6.X or higher.
  • Prisma Access Cloud Managed
    • Prisma Access with Aggregate Bandwidth; the bandwidth licensing mode must be enabled per compute location on the Prisma Access Cloud Managed portal.
    • Identification of the IPSec Termination Nodes within Prisma Access for connectivity.
  • Ensure that you have Prisma Access (Cloud Managed) and Prisma SD-WAN in the same TSG.
Use this workflow to onboard Prisma SD-WAN sites to Prisma Access.
  1. Configure SASE connectivity.
    This is a one-time activity.
  2. Select Workflows > Prisma SD-WAN Setup > Branch Sites.
  3. Click Connect to Prisma Access for the site that you want to connect to Prisma Access under Prisma Access Connection.
    For Aggregate Bandwidth
    1. Select a Primary Prisma Access Location.
      Prisma Access recommends the first location in the list closest to the Prisma SD-WAN site address. The recommendation is based on the address (latitude and longitude values) entered during site creation in Prisma SD-WAN.
    2. Select the corresponding Primary IPSec Termination Node.
      For every 1 Gbps of bandwidth allocated to a region, a new Termination Node is spun up; you can accordingly select a different Termination Node.
    3. Optionally, select the Secondary Prisma Access Location and the corresponding Secondary IPSec Termination Node.
    For Site-Based Licensing
    1. Select a Prisma Access Primary Location. Prisma Access recommends the first location in the list closest to the Prisma SD-WAN site address. The recommendation is based on the address (latitude and longitude values) entered during site creation in Prisma SD-WAN.
    2. Select the Site Type from the predefined bandwidth categories:
      • 25 Mbps (Very Small)
      • 50 Mbps (Small)
      • 250 Mbps (Medium)
      • 1 Gbps (Large)
      • 2.5 Gbps (X-Large)
    3. To opt for a secondary Prisma Access location, select Allow connection to a secondary Prisma Access Location as backup when necessary.
    4. Select the Prisma Access Secondary Location.
  4. Click Connect Sites.
    You can view the status of the connection in the SASE Connection column.
    For each Prisma SD-WAN circuit for a site, a corresponding tunnel to Prisma Access is created in this process. You can have a maximum of four circuits connecting to Prisma Access for a site.
    You can view the details of the Prisma Access peer by selecting Configuration > Prisma SD-WAN > Branch Sites > Select a Site > Overlay Connections > Branch-Standard VPN.
  5. (Optional) To view and edit information for SASE connectivity:
    1. Select Configuration > Prisma SD-WAN > Branch Sites and select a site.
    2. View details in the Prisma Access Connectivity section.
    3. (Optional) Click Edit Connectivity to update the service connectivity details.
      For Aggregate Bandwidth:
      1. Select the Primary Prisma Access Location and the IPSec Termination Node.
        Optionally, select Allow connection to a secondary Prisma Access Location as backup when necessary.
      2. Click Next to update the remote network tunnel configuration details.
      3. On Step 2 Tunnels, update the Circuits to connect to the Prisma Access location.
      4. In Dynamic Routing Options, update the BGP options to be enabled in Prisma Access.
      5. Click the pencil icon to view and update the Routing Settings.
      6. Click Update.
      For Site-based Licensing:
      1. Select the Site Type for the site.
      2. Select the Primary Prisma Access Location.
      3. Optionally, select Allow connection to a secondary Prisma Access Location as backup when necessary.
      4. Select the Secondary Prisma Access Location.
      5. Select a QoS Profile for the site. You can Add, Manage, or Edit a QoS Profile.
      6. Click Next.
      7. On Step 2 Tunnels, update the Circuits to connect to the Prisma Access location.
      8. In Dynamic Routing Options, update the BGP options to be enabled in Prisma Access.
      9. Click the pencil icon to view and update the Routing Settings.
      10. Click Update.
  6. Save & Exit.

Disconnect from Prisma Access

You can disconnect your site from Prisma Access. This removes the tunnel configuration between Prisma SD-WAN and Prisma Access, but retains SASE Configuration objects such as Prisma Access locations and circuits to make reconnection easier.
  1. Select Workflows > Prisma SD-WAN Setup > Branch Sites.
  2. View details in the Prisma Access Connectivity section.
  3. Click Disconnect from Prisma Access.