Plan the Azure Virtual WAN with vION Integration

Learn to plan the Azure Virtual WAN with vION integration and create application registration objects.
Where Can I Use This? / What Do I Need?
  • Strata Cloud Manager
  • Prisma SD-WAN license
  • Azure Virtual WAN with vION CloudBlade
To make the transition to hybrid deployment environments more efficient, the Azure virtual WAN integration solution is enhanced by installing a pair of HA vIONs in a vNET as a spoke environment to an Azure virtual hub router instance. This enables a cleaner integration of branch sites to customer workload vNETs through the virtual hub and enables LQM measurements. In addition, it helps with path selection and application-based routing, enables different kinds of link aggregation, and avoids user-defined routes between the vION and the virtual hub router, because the virtual hub exchanges routes over BGP.
The Azure Virtual WAN with vION integration can be done for both Greenfield deployments (where the vHUB and vWAN resources are created by the CloudBlade) and Brownfield deployments (where the existing vWAN and vHUB(s) are referenced by the CloudBlade).
The CloudBlade automates the following configuration steps required to establish end-to-end connectivity on Prisma SD-WAN and Azure.
  • Deploys a pair of vION devices within the Transit vNET in Azure in separate availability zones based on the Azure regions.
  • Attaches the vION devices in the Transit vNET as a spoke to the virtual WAN hub.
  • Claims and assigns each vION to a data center site per region.
  • Configures the Transit vNET with the three required subnets: private/LAN, public/Internet, and controller.
  • Creates a static route from vIONs to the virtual hub.
  • Configures the BGP dynamic routing protocol on both Prisma SD-WAN ION and virtual WAN hub router.
  • Activates the Data Center site.

Create Application Registration Object in Azure

Before configuring Prisma SD-WAN to integrate with Azure virtual WAN, perform the following steps in the Azure portal to create an application registration object. This step is not required if you already have the application registration object.
  1. Go to Azure services > App registrations > New registration.
  2. Enter the display Name of the application, choose the Supported Account Type, and select Register.
  3. Copy the Application (client) ID and Directory (tenant) ID to be used later in the Prisma SD-WAN CloudBlade configuration.
  4. Generate and copy a new client secret to be used later in the Prisma SD-WAN CloudBlade configuration.
  5. Assign the Contributor role to the new Application Registration object created in Step 1.
  6. Locate the Azure subscription ID and copy it to be used later in the Prisma SD-WAN CloudBlade configuration.
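
The six portal steps above can also be scripted with the Azure CLI. This is an added example, not part of the original documentation; the subscription-wide Contributor scope, the single-tenant sign-in audience, and the output file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of portal steps 1-6 above.
# Assumptions (not from the page): subscription-wide scope, single-tenant
# sign-in audience, caller-supplied app name, and the output file name.

# True when $1 is a GUID, the format of client, tenant and subscription IDs.
is_guid() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Build the role-assignment scope for one subscription; reject malformed IDs
# so a typo cannot produce an assignment at an unintended scope.
contributor_scope() {
  is_guid "$1" || return 1
  printf '/subscriptions/%s' "$1"
}

register_app() {
  name=$1
  out=${2:-cloudblade-credentials.env}                   # hypothetical file name
  sub_id=$(az account show --query id -o tsv)            # step 6
  tenant_id=$(az account show --query tenantId -o tsv)   # step 3 (tenant ID)
  scope=$(contributor_scope "$sub_id")
  app_id=$(az ad app create --display-name "$name" \
    --sign-in-audience AzureADMyOrg --query appId -o tsv)  # steps 1-3
  az ad sp create --id "$app_id" >/dev/null    # service principal that receives the role
  secret=$(az ad app credential reset --id "$app_id" \
    --query password -o tsv)                   # step 4
  az role assignment create --assignee "$app_id" --role Contributor \
    --scope "$scope" >/dev/null                # step 5
  # The client secret is a credential: write it to an owner-only file
  # instead of echoing it to the terminal.
  ( umask 077
    printf 'CLIENT_ID=%s\nTENANT_ID=%s\nSUBSCRIPTION_ID=%s\nCLIENT_SECRET=%s\n' \
      "$app_id" "$tenant_id" "$sub_id" "$secret" >"$out" )
  echo "Wrote $out"
}

# Nothing touches Azure unless the script is run as: script --apply "<app name>"
if [ "${1:-}" = "--apply" ]; then
  ( set -eu; register_app "${2:?app display name required}" "${3:-}" )
fi
```

Delete the credentials file once the values have been entered in the CloudBlade configuration.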