Focus

Prisma SD-WAN

Validate the Prisma SD-WAN Configuration

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

Configure and Install the Azure Virtual WAN CloudBlade

Edit Application Network Path Policy Rules

Validate the Prisma SD-WAN Configuration

Lets see how to validate the Prisma SD-WAN configurations.

Where Can I Use This?	What Do I Need?
Strata Cloud Manager	Prisma SD-WAN license Azure Virtual WAN CloudBlade

The Azure vWAN CloudBlade provisions the VPN sites, BGP peering configuration, and vWAN Hub association on Azure. On the Prisma SD-WAN ION device, two Standard IPSEC VPN tunnel interfaces, BGP peer configuration, and a static route to facilitate the BGP peering will be created. In addition, at a Prisma SD-WAN system level a Standard endpoint and service group will be created which can be used in path policies to direct the desired application traffic to Azure.

The following steps can be used to validate if the CloudBlade is working as intended:

Check the status indicator on the CloudBlade window. Once enabled and deployed correctly, the status indicator should turn green.
If the access credentials are invalid, the status indicator will throw an Azure auth failure error message.
The Monitor tab on the CloudBlade shows the deployment status of the integration.
The below example is from the Azure portal deployment for the Branch site in the previous section. The CloudBlade creates a single VPN site object with the public IP address of the demo Branch ION. This is associated with the vWAN hub in the East US region, which was created earlier when the tag was applied to interface 1. The VPN site has BGP enabled with the AS# configured on the ION, and the peering address is the Standard inner tunnel IP.

If no previous BGP AS# is available on the ION, a BGP AS number is automatically assigned from the private AS range by the CloudBlade.
The below example is the CloudBlade configuration on Prisma SD-WAN (Standard tunnel interface, static route, BGP peer, Standard endpoint & group).

Once the configuration is validated and the tunnel and BGP session is up, the administrator can modify the path policy applied to the site to direct the appropriate application traffic toward Azure.

Configure and Install the Azure Virtual WAN CloudBlade

Edit Application Network Path Policy Rules

Prisma SD-WAN Docs

Validate the Prisma SD-WAN Configuration

Prisma SD-WAN Docs

Validate the Prisma SD-WAN Configuration

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources