Prisma SD-WAN
Validate the Prisma SD-WAN Configuration
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Validate the Prisma SD-WAN Configuration
Lets see how to validate the Prisma SD-WAN configurations.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The Azure vWAN CloudBlade provisions the VPN sites, BGP peering configuration, and
vWAN Hub association on Azure. On the Prisma SD-WAN ION device, two
Standard IPSEC VPN tunnel interfaces, BGP peer configuration, and a static route to
facilitate the BGP peering will be created. In addition, at a Prisma SD-WAN system level a Standard endpoint and service group will
be created which can be used in path policies to direct the desired application
traffic to Azure.
The following steps can be used to validate if the CloudBlade is working as
intended:
- Check the status indicator on the CloudBlade window. Once enabled and deployed correctly, the status indicator should turn green.If the access credentials are invalid, the status indicator will throw an Azure auth failure error message.The Monitor tab on the CloudBlade shows the deployment status of the integration.The below example is from the Azure portal deployment for the Branch site in the previous section. The CloudBlade creates a single VPN site object with the public IP address of the demo Branch ION. This is associated with the vWAN hub in the East US region, which was created earlier when the tag was applied to interface 1. The VPN site has BGP enabled with the AS# configured on the ION, and the peering address is the Standard inner tunnel IP.If no previous BGP AS# is available on the ION, a BGP AS number is automatically assigned from the private AS range by the CloudBlade.The below example is the CloudBlade configuration on Prisma SD-WAN (Standard tunnel interface, static route, BGP peer, Standard endpoint & group).Once the configuration is validated and the tunnel and BGP session is up, the administrator can modify the path policy applied to the site to direct the appropriate application traffic toward Azure.