Prisma SD-WAN
Determine IPSec Termination Nodes (Panorama Managed CloudBlade)
Determine the IPSec termination nodes using Method 1 or Method 2 to begin configuration of Remote Networking on-boarding.
In our example of the first method to determine the IPSec termination nodes, we use US
East as the location, which has two nodes behind it.
- Click the IPSec Termination Node drop-down to view the
list of IPSec termination nodes.
These node names are listed in the order they are deployed on the backend, not alphabetically. The order of appearance of the two IPSec termination nodes is:
- us-east-charlock
- us-east-banyan
Determine IPSec Termination Nodes Method #2
The second method to obtain the IPSec Termination Nodes within Prisma
Access for Networks is through the Panorama API. Within the API, you will see the
abbreviation SPN, which refers to the IPSec Termination Nodes.
In Panorama, navigate to the following subtree in the API,
clicking each item listed in the bullets (note the variation between single-tenant
and multitenant environments).
Single Tenant Environment
https://panorama/api
- config
- devices
- localhost.localdomain (or appropriate name)
- plugins
- cloud_services
- remote-networks
- agg-bandwidth
Multi-Tenant Environment
https://panorama/api
- Configuration Commands
- devices
- localhost.localdomain (or appropriate name)
- plugins
- cloud_services
- multi-tenant
- tenants
- default-tenant
- remote-networks
- agg-bandwidth
The output of the API is similar to the following:
<response status="success" code="19">
  <result total-count="1" count="1">
    <agg-bandwidth>
      <enabled>yes</enabled>
      <region>
        <entry name="europe-central">
          <allocated-bw>100</allocated-bw>
          <spn-name-list>
            <member>europe-central-aspen</member>
          </spn-name-list>
        </entry>
        <entry name="us-east">
          <allocated-bw>600</allocated-bw>
          <spn-name-list>
            <member>us-east-charlock</member>
            <member>us-east-banyan</member>
          </spn-name-list>
        </entry>
        <entry name="canada-central">
          <allocated-bw>100</allocated-bw>
          <spn-name-list>
A sample from the web interface would also look similar to the above. The
us-east entry appears first in the list, followed by the node
names underneath.
The IPSec Termination Node names are listed below the entry named
spn-name-list with indentation. The order seen here is the
same order as in the Panorama interface shown in the previous section.
IPSec Termination Node Conventions and Tag Nomenclature
With the information obtained above from our nodes for
us-east, the tagging methodology for the CloudBlade can
now be determined. The tag constructs for the CloudBlade with Aggregate
Bandwidth licensing would look as follows:
Prisma_region: <<region name>>:<<IPSec Termination Node Name or Number>>
With this construct, the tags for the interfaces will look similar to the
following:
prisma_region:us-east-1:us-east-charlock
prisma_region:us-east-1:us-east-banyan
OR
prisma_region:us-east-1:1
prisma_region:us-east-1:2
Either the node name (us-east-charlock) or the order in which the node appears in the list (1)
can be used in the naming convention for the interface tags.
To assist with the automation of the scripts and deployments, the Prisma SD-WAN
Tagger Utility Script can be used to help create or
configure the tags.
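The following is an added example, not part of the original page and not the Prisma SD-WAN Tagger Utility Script: it reads the agg-bandwidth API output described under Method 2 and builds both tag forms shown above, preserving the API's node order. The function names, the node-name pattern and the `tag_region` parameter are assumptions; the page does not say how the API region name (us-east) maps to the region field of the tag (us-east-1), so the caller supplies it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two complete <entry> elements from the page's
# output, closed so the document is well-formed (the truncated
# canada-central entry is left out).
SAMPLE = """<response status="success" code="19"><result total-count="1" count="1">
<agg-bandwidth><enabled>yes</enabled><region>
<entry name="europe-central"><allocated-bw>100</allocated-bw>
<spn-name-list><member>europe-central-aspen</member></spn-name-list></entry>
<entry name="us-east"><allocated-bw>600</allocated-bw>
<spn-name-list><member>us-east-charlock</member><member>us-east-banyan</member></spn-name-list></entry>
</region></agg-bandwidth></result></response>"""

# Assumed pattern: a ':' or space in a name would make the colon-delimited tag ambiguous.
NAME_OK = re.compile(r"[a-z0-9-]+")


def termination_nodes(xml_text, api_region):
    """Return the SPN names for one region, in the order the API lists them."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in API response")
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call did not succeed")
    for entry in root.iter("entry"):
        if entry.get("name") == api_region:
            names = [m.text or "" for m in entry.findall("./spn-name-list/member")]
            bad = [n for n in names if not NAME_OK.fullmatch(n)]
            if bad:
                raise ValueError(f"unexpected node name(s): {bad}")
            return names
    raise KeyError(f"region {api_region!r} not in agg-bandwidth output")


def interface_tags(xml_text, api_region, tag_region):
    """Build both tag forms; tag_region is supplied by the caller (assumption)."""
    nodes = termination_nodes(xml_text, api_region)
    by_name = [f"prisma_region:{tag_region}:{n}" for n in nodes]
    by_order = [f"prisma_region:{tag_region}:{i}" for i, _ in enumerate(nodes, 1)]
    return by_name, by_order


if __name__ == "__main__":
    for form in interface_tags(SAMPLE, "us-east", "us-east-1"):
        print("\n".join(form))
```

Because the numeric form depends on list position, regenerate the tags from a fresh API response rather than from a sorted or cached list of node names.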