Configure and Install the AWS Transit Gateway Integration CloudBlade

1. Provide the AWS Access Key ID and the Access Key ID Secret retrieved from the previous step.
2. Provide the Transit Gateway ID in the format Region:TGW-ID.
   Only one region must be mapped to one TGW ID. Multiple TGW entries can be populated in a comma separated format.

   From version 2.0.0 onwards, a particular region(s) can be directly removed from the CloudBlade configuration screen. This was earlier possible only by disabling the CloudBlade. You can also replace the TGW ID in a region and the connection will get established with the new TGW ID.
3. Provide a VPC CIDR block for the Prisma SD-WAN connect VPC. The VPC CIDR block has to have a subnet mask between /16 and /26. Four distinct subnets will be carved out for the public and private subnets on each vION. This should be in the RFC 1918 address space. For multi-region deployments the same VPC CIDR will be reused on all regions.
4. For the TGW GRE Tunnel CIDR Block, provide a new CIDR block that does not overlap the VPC CIDR block. This GRE CIDR block must have any one of the following subnet masks /8, /16, or /24. For multi-region deployments the same VPC CIDR will be re-used on all regions.
5. For BGP PEER IP ADDRESS CIDR allocate a /29 IP subnet to be used for the GRE tunnel interface on both the ends.This address block will also be used for establishing core peering from both the DC vIONs with the Transit Gateway’s connect peers. The CIDR block has to be in the “169.254.x.x/29” subnet as required by AWS. Only one /29 prefix is needed, the Cloudblade will use this as a base and increment as many /29 subnets are required based on the number of regions deployed.

6. Ensure at least 2 licenses are available to deploy both v7108 IONs, for each region you wish to deploy the Prisma SD-WAN Datacenter site.

7. Click Install once all fields in the CloudBlade configuration is populated.