Prisma SD-WAN
Panorama High Availability (HA) Support
Table of Contents
Panorama High Availability (HA) Support
Prisma Access for Networks (Panorama Managed) CloudBlade integration with an existing
Panorama HA pair.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Supported CloudBlade:
|
|
To enable the Prisma Access for Networks (managed by Panorama) CloudBlade integration
with an existing Panorama HA pair, make sure you meet the following criteria:
- Set up the Panorama HA pair and save the serial numbers of both the Panorama instances.
- Install the Prisma SD-WAN authorization key on both Panorama instances.
- The CSP version running on both the Panorama instances must be identical.
Configure the CloudBlade HA Panorama Pair
To configure the Prisma SD-WAN integration on a Panorama HA pair, enable the active
Panorama to register itself. The CloudBlade must indicate a successful integration
on the CloudBlade configuration screen. After successful registration, enable the
Prisma SD-WAN integration on the passive Panorama instance.
The serial numbers can be in any order. Make sure to avoid
whitespaces between serial numbers.
Handle Failover Events
The Prisma SD-WAN integration with Panorama HA pair enabled can have the following
scenarios:
- The Prisma Access for Networks (Managed by Panorama) CloudBlade issues commands (makes changes) only on an active Panorama instance.
- The CloudBlade accepts the Panorama passive instance after the Panorama active instance shows no activity for 10 minutes.
- The CloudBlade rewrites any unsynced changes from the active to passive instances, after a failover on a Panorama pair.
- The Panorama instances' serial numbers can be changed at any time.
- If you're moving from a HA Panorama to a Non-HA setup, update the serial number from the CloudBlade configuration screen by entering the correct Panorama serial number.