Overview of On-Premises Controller
Learn the On-Premises Controller features.
On-Premises Controller for Prisma SD-WAN is a secure and reliable solution
for users who don't want to use Cloud Controller for regulatory or compliance reasons.
The on-premises controller solution is a flexible and highly scalable offering designed
for data protection and access control without compromising on Prisma SD-WAN functionalities.
Designed for enterprises handling highly sensitive data, such as government and financial
institutions, On-Premises Controller for Prisma SD-WAN offers complete on-premises
deployment with industry-leading data privacy and compliance adherence.
When to choose On-Premises Controller for Prisma SD-WAN:
- Security: When you want to keep your sensitive data under your direct
control with on-premises deployment and robust security features.
- Regulatory: When you need to meet data privacy and sovereignty
regulations.
Installation Prerequisites
Learn about deploying the on-premises controller and the installation
prerequisites.
The installation prerequisites to install the On-Premises Controller for Prisma
SD-WAN are:
- Configure the VM as per the deployment size; refer to the minimum hardware requirements.
- Download the qcow2 installer. Note that qcow2 is based on Ubuntu 20.04.5.
(Contact Palo Alto Support or a Palo Alto Partner for support, if needed.)
- Reserve one static IP address for the deployed controller connectivity.
- Password-less sudo access. Requires Ubuntu user access and the Ubuntu user must
be on the sudo users' list. Refer to the Understand Installation Workflow.
- KVM or ESXi Hypervisor running on qcow2 host OS.
- Network Services: Host Server OS qcow2 provided by Palo Alto Networks, NTP
Server running standard NTP service, and DNS (optional; a private DNS server is
preferred).
- Do not modify the OS and software packages.
It's recommended to disable the internet connection when installing the VM and the OS.
Download the OS image from the download link shared by Palo Alto Networks.
General Information
- Supports a fully air-gapped installation process; no internet access is required
during installation.
- A backup location to store periodic config backups at
/mnt_ebs/backup_config.
- One management IP for the multi-node controller virtual machine (VM)
installation.
- Firewall TCP ports: the following ports need to be opened to allow inbound
communication from users and ION devices to the controller:
  - Admin host to <controller-ip>: TCP 443/9443 for browser access, TCP/22 for SSH.
  - ION device to <controller-ip>: TCP/443.
- Current API rate limit/concurrent calls limited to 20.
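The inbound port matrix listed above can be checked against a proposed firewall ruleset before it is applied. The following Python sketch is an added example, not part of Palo Alto Networks' documentation or tooling; the controller address, the admin and ION source ranges, and the sample rules are constructed assumptions, and "443/9443" is read as two separate ports.

```python
import ipaddress

# Inbound matrix documented on this page: source role -> allowed TCP ports.
ALLOWED = {"admin": {443, 9443, 22}, "ion": {443}}

# Constructed addressing (assumptions, not values from the page).
CONTROLLER_IP = ipaddress.ip_address("10.0.0.10")
ROLE_NETS = {
    "admin": [ipaddress.ip_network("10.0.1.5/32")],
    "ion": [ipaddress.ip_network("10.20.0.0/16")],
}

# Constructed sample ruleset: (source CIDR, destination IP, TCP port).
SAMPLE_RULES = [
    ("10.0.1.5/32", "10.0.0.10", 443),
    ("10.0.1.5/32", "10.0.0.10", 9443),
    ("10.0.1.5/32", "10.0.0.10", 22),
    ("10.20.0.0/16", "10.0.0.10", 443),
    ("10.20.0.0/16", "10.0.0.10", 22),   # SSH from the ION range: not documented
    ("0.0.0.0/0", "10.0.0.10", 443),     # source wider than any known role
]

def role_for(src):
    """Return the role whose networks fully contain src, else None."""
    for role, nets in ROLE_NETS.items():
        if any(src.subnet_of(n) for n in nets):
            return role
    return None

def audit(rules):
    """Return (violations, missing) for inbound rules targeting the controller."""
    violations, seen = [], set()
    for src_cidr, dst, port in rules:
        if ipaddress.ip_address(dst) != CONTROLLER_IP:
            continue  # rule does not concern the controller
        role = role_for(ipaddress.ip_network(src_cidr))
        if role is None:
            violations.append((src_cidr, port, "source outside admin/ION ranges"))
        elif port not in ALLOWED[role]:
            violations.append((src_cidr, port, f"port not documented for {role}"))
        else:
            seen.add((role, port))
    # Documented flows that no rule permits would break access or onboarding.
    missing = sorted((r, p) for r, ports in ALLOWED.items() for p in ports
                     if (r, p) not in seen)
    return violations, missing

if __name__ == "__main__":
    bad, missing = audit(SAMPLE_RULES)
    for entry in bad:
        print("VIOLATION", entry)
    print("MISSING", missing)
```
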