IPSec Termination Node Conventions and Tag Nomenclature

With the exposure of IPSec Termination Nodes in Prisma Access for Networks utilizing Aggregate Bandwidth, previous Prisma SD-WAN CloudBlade 1.0 and 2.0 versions are not compatible.
In order to leverage the Prisma Aggregate Bandwidth feature, the 2.1.1 CloudBlade needs to be utilized. Within the 2.1.1 CloudBlade, the logic exists for Prisma SD-WAN devices to specify the IPSec Termination Nodes within a region.
Using the same information gained above from our nodes for
us-east
, the tagging methodology for the CloudBlade can now be determined. The tag constructs within the 2.1.1 CloudBlade would look as follows:
Prisma_region: <<region name>> : <<IPSec Termination Node Name or Number>>
With this construct, the tags for the interface(s) will look similar to the following:
prisma_region:us-east-1:us-east-charlock
prisma_region:us-east-1:us-east-banyan
OR
prisma_region:us-east-1:1
prisma_region:us-east-1:2
In 2.1.1, the node name (us-east-charlock) or order that the node appears in the list (1) can both be used in the naming convention for the interface tags.
In order to assist with the automation of the scripts/deployment, the Prisma SD-WAN Tagger utility script can also be used to help create/configure the tags:

Recommended For You