Configure and Install Prisma Access for Networks (managed by Panorama)

Configure the Prisma SD-WAN CloudBlade to prepare the Prisma SD-WAN Controller for integration.
  1. From the
    Prisma SD-WAN
    web interface, select
    CloudBlades
    .
  2. In
    CloudBlades
    , locate the
    Prisma Access for Networks Integration (managed by Panorama)
    CloudBlade and click
    Configure
    . If this CloudBlade does not appear in the list, contact Prisma SD-WAN Support.
  3. Select the
    Prisma Access for Networks (managed by Panorama)
    CloudBlade to view the CloudBlade Installation page. Enter the following information in the fields shown below, change where appropriate:
    1. VERSION
      : Select the version of the CloudBlade to use (2.1.2).
    2. ADMIN STATE
      : For Admin State, select/retain Enabled.
    3. PANORAMA HOSTNAME/IP
      : Enter the Hostname and/or IP Address of the Panorama XML API Interface. This is typically the same Hostname/IP Address as the Management Web UI.
    4. PANORAMA ADMIN USERNAME
      : Enter the Admin username for Prisma SD-WAN to use for Prisma Access related configuration changes and updates to Panorama.
    5. ION PEERING DEFAULT LOCAL AS NUMBER
      : Starting with version 2.0.3 and higher, a BGP Local AS number is defined to quickly onboard ECMP sites. This can be any 16-bit AS number, but private BGP AS number(s) are recommended.
    6. TUNNEL IDENTIFIER PRISMA ACCESS FOR NETWORKS SIDE
      : Enter an FQDN IKE identifier in name@domain.com format. This identifier will be used by Prisma Access to identify remote tunnel connections.
    7. TUNNEL IDENTIFIER TEMPLATE, PRISMA SD-WAN SIDE
      : Enter an FQDN IKE identifier in name@domain.com format. This identifier should be different from the Prisma Access identifier. This identifier will be used as a template to generate a unique ID per tunnel.
    8. TUNNEL INNER IP POOL
      : Specify an IP pool using IP/Mask notation. This IP Pool should be unused or unique across the entire network and should not be used by the Palo Alto Service Infrastructure Subnet.
    9. PRISMA MULTI-TENANT NAME
      : Specify the Tenant Name that will be used for Remote Networks with the CloudBlade.
    10. ENFORCE DEFAULT PRISMA SD-WAN LIVELINESS PROBES
      : For Prisma Access, the default is to leverage an ICMP probe to the last Prisma Access Infrastructure IP address.
    The number of tunnels that can be created in the Prisma SD-WAN Fabric to Prisma Access are directly limited by this configuration. Each tunnel will use a /31 subnet from this pool.
  4. Click
    Install
    after the settings are configured.

Recommended For You