| Where Can I Use This? | What Do I Need? |
| --- | --- |
| Supported CloudBlades: Prisma Access for Networks (Managed by Panorama); Prisma Access for Networks (Cloud Managed) | Prisma SD-WAN; Prisma Access; Supported Cloud Plugin Versions: Prisma Access for Networks (Managed by Panorama) CloudBlade versions 3.x.x and later; Prisma Access for Networks (Cloud Managed) CloudBlade versions 3.x.x and 4.x.x |

Before you can use a Standard VPN in a policy rule, you must define service endpoint groups. Each group can contain one or more Prisma SD-WAN data centers or standard service endpoints, and policy rules reference the group. For policy rules that use a group to take effect, the domain that maps endpoints to groups must be assigned to the site. For more information, refer to Managing Services and Data Center Groups.

Policies can use four combinations of active and backup groups. You can select just one Prisma SD-WAN group or one non-Prisma SD-WAN group as the active or backup path in a policy. For example:

| Active Group | Backup Group | Example |
| --- | --- | --- |
| Standard | Prisma SD-WAN | Internet-bound SSL traffic from a branch site will transit through the Cloud Security Service. In the event all standard VPN paths to any of the endpoints in the Primary Cloud Security Service group are not available, internet-bound SSL traffic will transit through one of the Prisma SD-WAN data center endpoints assigned to that group through the Prisma SD-WAN VPN. |
| Prisma SD-WAN | Standard | Internet-bound SSL traffic from a branch site will transit through one of the Prisma SD-WAN data center endpoints assigned to that group via the Prisma SD-WAN VPNs. In the event all Prisma SD-WAN VPNs to all of the Data Center endpoints in that group are unavailable, internet-bound SSL traffic will transit through the Cloud Security Service via one of the standard VPN paths to any of the endpoints in the standard group. |
| Standard | Standard | Internet-bound SSL traffic from a branch site will transit through the primary cloud security service via one of the standard VPN paths to any of the endpoints in the primary cloud security service group. In the event all standard VPNs are down to all endpoints in the primary group, the internet-bound SSL traffic will transit through the backup cloud security service via one of the standard VPN paths to the endpoints that are part of the backup group. |
| Prisma SD-WAN | Prisma SD-WAN | Internet-bound SSL traffic from a branch site will transit through one of the Prisma SD-WAN data center endpoints assigned to the active group via the Prisma SD-WAN VPNs. In the event all Prisma SD-WAN VPNs to all of those endpoints are down, internet-bound SSL traffic will transit through one of the Prisma SD-WAN data center endpoints assigned to the backup group via the Prisma SD-WAN VPNs. |
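
The failover rule in the table, written out as a small Python model. This is an example added here, not Palo Alto Networks code or a product API. The group, endpoint, domain and site names are constructed, and returning the first reachable endpoint is an assumption, since the page does not say how an endpoint is chosen within a group.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    name: str
    kind: str  # "standard" (standard VPN) or "sdwan" (Prisma SD-WAN VPN)

# Constructed sample data: a domain maps each group to its endpoints,
# and a site must be assigned that domain for its rules to take effect.
DOMAINS = {"branch-domain": {"cloud-sec-primary": ["css-ep-1", "css-ep-2"],
                             "dc-group": ["dc-east", "dc-west"]}}
SITE_DOMAIN = {"branch-1": "branch-domain"}

def select_path(site, active, backup, paths_up):
    """Return (role, vpn kind, endpoint) for the path traffic takes, or None.

    paths_up maps endpoint -> list of booleans, one per VPN path to it.
    """
    # A site with no assigned domain resolves no endpoints for any group,
    # so a policy rule that references the groups has no effect there.
    domain = DOMAINS.get(SITE_DOMAIN.get(site), {})
    for role, group in (("active", active), ("backup", backup)):
        if group is None:
            continue
        for endpoint in domain.get(group.name, []):
            # One working path to one endpoint keeps traffic on this group.
            if any(paths_up.get(endpoint, [])):
                return role, group.kind, endpoint
        # Every path to every endpoint in this group is down: try the next.
    return None

if __name__ == "__main__":
    css = Group("cloud-sec-primary", "standard")
    dc = Group("dc-group", "sdwan")
    # Constructed state: all standard VPN paths down, one DC path up.
    state = {"css-ep-1": [False, False], "css-ep-2": [False],
             "dc-east": [True], "dc-west": [False]}
    print(select_path("branch-1", css, dc, state))
```

A `None` result means neither group has a usable path, or the site has no domain assigned; the model does not say what happens to the traffic in that case.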