Understand Prisma SD-WAN and Prisma Access for Networks Integration

Learn a high-level summary of the Prisma Access Integration logic.
The following is a high-level summary of the Prisma Access Integration logic:
  1. Prisma Access Integration checks for Prisma SD-WAN Sites and Interfaces tagged with Prisma Access Integration markers.
  2. Prisma Access Integration creates a Site, Interface, Prisma Access Region, and Prisma Access Bandwidth License plan to connect the Prisma SD-WAN Tagged interfaces with Prisma Access instances. This plan is referred to as a ‘Fabric Map.’
  3. Prisma Access Integration creates and/or synchronizes Prisma SD-WAN Standard Endpoints, Service Groups, and IKE/IPsec policies on Prisma SD-WAN and Panorama.
  4. Prisma Access Integration begins to create IKE/ IPsec constructs in Panorama that are required to create the ‘Fabric Map’ planned in step #2.
  5. The Integration checks if the Panorama changes differ from the current, committed configuration. If it does, the changes will be committed to Panorama and then pushed to Prisma Access Remote Networks.
  6. The Integration then checks the Prisma Access cloud API and creates a list of the previously committed changes that are now ready to be created into tunnels.
  7. The Integration then creates any needed Standard Tunnels on Prisma SD-WAN and connects the tunnels.
  8. Finally, the Integration cleans up and removes any unused tunnels and/or configurations that are no longer in use as a result changes in the ‘Fabric Map.’
The Integration Logic is re-run every run interval; three (3) minutes by default, unless modified in
. If any of the items fail in the integration run, the integration will cease at that point and log an error. The integration logs serve as the best tool to troubleshoot integration issues.

Recommended For You