: Configure Prisma Access (Cloud Managed) CloudBlade
Focus
Focus

Configure Prisma Access (Cloud Managed) CloudBlade

Table of Contents

Configure Prisma Access (Cloud Managed) CloudBlade

  1. From the
    Prisma SD-WAN
    web interface, select
    CloudBlades
    .
  2. In
    CloudBlades
    , locate the
    Prisma Access for Networks (Cloud Managed)
    CloudBlade and click
    Configure
    . If this CloudBlade does not appear in the list, contact Palo Alto Networks Support.
  3. Enter the following information in the fields shown below, change where appropriate:
    1. VERSION
      : Select the version of the CloudBlade to use (3.0.1).
    2. ADMIN STATE
      : For Admin State, select/retain Enabled.
    3. ION PEERING DEFAULT LOCAL AS NUMBER
      : The BGP Local AS number is defined to quickly onboard ECMP sites. This can be any 16-bit AS number, but private BGP AS number(s) are recommended.
    4. TUNNEL IDENTIFIER PRISMA ACCESS FOR NETWORKS SIDE
      : Enter an FQDN IKE identifier in name@domain.com format. This identifier will be used by Prisma Access to identify remote tunnel connections.
    5. TUNNEL IDENTIFIER TEMPLATE, PRISMA SD-WAN SIDE
      : Enter an FQDN IKE identifier in name@domain.com format. This identifier should be different from the Prisma Access identifier. This identifier will be used as a template to generate a unique ID per tunnel.
    6. TUNNEL INNER IP POOL
      : Specify an IP pool using IP/Mask notation. This IP Pool should be unused or unique across the entire network and should not be used by the Palo Alto Service Infrastructure Subnet.
      The number of tunnels that can be created in the Prisma SD-WAN Fabric to Prisma Access are directly limited by this configuration. Each tunnel will use a /31 subnet from this pool.
    7. TUNNEL PSK SEED
      : Specify a string of text which will be used to derive the unique pre-shared keys (PSKs) used per tunnel.
    8. ENFORCE DEFAULT PRISMA SD-WAN LIVELINESS PROBES
      : For Prisma Access, the default is to leverage an ICMP probe to the last Prisma Access Infrastructure IP address. This can be reconfigured to probe non default tunnel monitor IP address which were configured during Prisma Access integration.
  4. Click
    Save
    after the settings are configured.

Recommended For You