Understand Prisma SD-WAN and Prisma Access for Networks Integration
Learn a high-level summary of the Prisma Access Integration logic.
The following is a high-level summary
of the Prisma Access Integration logic:
- Prisma Access Integration checks for Prisma SD-WAN Sites
and Interfaces tagged with Prisma Access Integration markers.
- Prisma Access Integration creates a Site, Interface, Prisma
Access Region, and Prisma Access Bandwidth License plan to connect
the Prisma SD-WAN Tagged interfaces with Prisma Access instances.
This plan is referred to as a ‘Fabric Map.’
- Prisma Access Integration creates and/or synchronizes Prisma
SD-WAN Standard Endpoints, Service Groups, and IKE/IPsec policies
on Prisma SD-WAN and Panorama.
- Prisma Access Integration begins to create IKE/ IPsec constructs
in Panorama that are required to create the ‘Fabric Map’ planned
in step #2.
- The Integration checks if the Panorama changes differ from the
current, committed configuration. If it does, the changes will be
committed to Panorama and then pushed to Prisma Access Remote Networks.
- The Integration then checks the Prisma Access cloud API and
creates a list of the previously committed changes that are now
ready to be created into tunnels.
- The Integration then creates any needed Standard Tunnels on
Prisma SD-WAN and connects the tunnels.
- Finally, the Integration cleans up and removes any unused tunnels
and/or configurations that are no longer in use as a result changes
in the ‘Fabric Map.’
The Integration Logic is re-run every run interval; three (3)
minutes by default, unless modified in config.yml.
If any of the items fail in the integration run, the integration
will cease at that point and log an error. The integration logs
serve as the best tool to troubleshoot integration issues.