IPSec Termination Node Conventions and Tag Nomenclature
With the exposure of IPSec Termination Nodes in Prisma Access for Networks utilizing Aggregate Bandwidth, the previous Prisma SD-WAN CloudBlade versions 1.0 and 2.0 are not compatible.
To leverage the Prisma Aggregate Bandwidth feature, the 2.1.1 CloudBlade must be used. The 2.1.1 CloudBlade contains the logic for Prisma SD-WAN devices to specify the IPSec Termination Nodes within a region.
Using the same information gained above from our nodes for us-east, the tagging methodology for the CloudBlade can now be determined. The tag constructs within the 2.1.1 CloudBlade would look as follows:
Prisma_region: <<region name>> : <<IPSec Termination Node Name or Number>>
With this construct, the tags for the interface(s) will look similar to the following:
prisma_region:us-east-1:us-east-charlock
prisma_region:us-east-1:us-east-banyan
prisma_region:us-east-1:1
prisma_region:us-east-1:2
In 2.1.1, either the node name (us-east-charlock) or the order in which the node appears in the list (1) can be used in the naming convention for the interface tags.
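A tag check written for this page as an added example (it is not the CloudBlade's own logic and not the Prisma SD-WAN Tagger utility): it validates interface tags against the construct above and resolves a numeric position to a node name, so a mistyped name or out-of-range number is caught before deployment. The node order in NODES, the tolerance for prefix case and spaces around the colons, and the function names are assumptions.

```python
import re

PREFIX = "prisma_region"
# Constructed sample: ordered IPSec Termination Node list per region.
# The order shown here is an assumption; use the order Prisma Access reports.
NODES = {"us-east-1": ["us-east-charlock", "us-east-banyan"]}


def parse_tag(tag, nodes_by_region=NODES):
    """Return (region, node_name) for a valid tag, else raise ValueError."""
    # Assumption: the page writes the construct with spaces around the colons
    # and a capital P, the examples without; this check tolerates both.
    parts = [p.strip() for p in tag.split(":")]
    if len(parts) != 3 or parts[0].lower() != PREFIX:
        raise ValueError(f"not a {PREFIX} tag: {tag!r}")
    _, region, node = parts
    nodes = nodes_by_region.get(region)
    if nodes is None:
        raise ValueError(f"unknown region {region!r}")
    if re.fullmatch(r"[0-9]+", node):
        # Numeric form: 1-based position of the node in the region's list.
        idx = int(node)
        if not 1 <= idx <= len(nodes):
            raise ValueError(f"node number {idx} out of range for {region}")
        return region, nodes[idx - 1]
    if node not in nodes:
        raise ValueError(f"unknown node {node!r} in {region}")
    return region, node


def audit(tags, nodes_by_region=NODES):
    """Split tags into {tag: (region, node)} and {tag: error message}."""
    resolved, errors = {}, {}
    for tag in tags:
        try:
            resolved[tag] = parse_tag(tag, nodes_by_region)
        except ValueError as exc:
            errors[tag] = str(exc)
    return resolved, errors


if __name__ == "__main__":
    # The first two tags are from the page; the last two are constructed errors.
    sample = ["prisma_region:us-east-1:us-east-charlock", "prisma_region:us-east-1:2",
              "prisma_region:us-east-1:3", "prisma_region:us-east-1:us-east-charlok"]
    ok, bad = audit(sample)
    for tag, (region, node) in ok.items():
        print(f"OK   {tag} -> {region} / {node}")
    for tag, why in bad.items():
        print(f"FAIL {tag}: {why}")
```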
In order to assist with the automation of the scripts/deployment, the Prisma SD-WAN Tagger utility script can also be used to help create/configure the tags: