Troubleshoot the AWS Transit Gateway Integration
Let's see how to troubleshoot the AWS Transit Gateway Integration CloudBlade in Prisma SD-WAN.
Prisma SD-WAN vION does not show up under unclaimed devices
Check on AWS if the CloudFormation stack creation was successful.
Confirm if at least 2 x v7108 licenses are available for the vION HA pair creation, for each region where you wish to deploy.
Check if there are at least 2 Elastic IPs available, for each region where you wish to deploy.
BGP peering is down
Check if the GRE tunnel is created.
Check if the connect attachment and connect peers are configured. Ensure the connect BGP peers are in the Available state.
Check on AWS if the Prisma SD-WAN Connect VPC’s route table has a route to the TGW CIDR.
Check if EBGP Multihop is configured for the BGP peer on the Prisma SD-WAN portal for each ION.
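The AWS-side checks above (connect peer state, BGP status, and the Connect VPC route to the TGW CIDR) can be run over saved output of `aws ec2 describe-transit-gateway-connect-peers` and `aws ec2 describe-route-tables`. This is an added example, not part of the Prisma SD-WAN documentation; the function names, IDs, and addresses are constructed, and requiring a transit gateway target on the route is an assumption of the example.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-transit-gateway-connect-peers`
# output; every ID and address below is made up for this example.
SAMPLE_PEERS = {"TransitGatewayConnectPeers": [
    {"TransitGatewayConnectPeerId": "tgw-connect-peer-EXAMPLE1", "State": "available",
     "ConnectPeerConfiguration": {"TransitGatewayAddress": "10.200.0.10", "Protocol": "gre",
         "BgpConfigurations": [{"TransitGatewayAddress": "169.254.6.2", "BgpStatus": "up"},
                               {"TransitGatewayAddress": "169.254.6.3", "BgpStatus": "up"}]}},
    {"TransitGatewayConnectPeerId": "tgw-connect-peer-EXAMPLE2", "State": "pending",
     "ConnectPeerConfiguration": {"TransitGatewayAddress": "10.201.0.10", "Protocol": "gre",
         "BgpConfigurations": [{"TransitGatewayAddress": "169.254.7.2", "BgpStatus": "down"}]}}]}
# Constructed sample shaped like `aws ec2 describe-route-tables` output (Connect VPC).
SAMPLE_ROUTES = {"RouteTables": [{"RouteTableId": "rtb-EXAMPLE", "Routes": [
    {"DestinationCidrBlock": "10.50.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "10.200.0.0/24", "TransitGatewayId": "tgw-EXAMPLE", "State": "active"}]}]}

def route_to_tgw(address, route_tables):
    """True if an active route targeting a transit gateway covers the TGW GRE address."""
    ip = ipaddress.ip_address(address)
    for table in route_tables.get("RouteTables", []):
        for route in table.get("Routes", []):
            cidr = route.get("DestinationCidrBlock")
            # Assumption of this example: the route's target must be the transit gateway.
            if (cidr and route.get("State") == "active" and route.get("TransitGatewayId")
                    and ip in ipaddress.ip_network(cidr)):
                return True
    return False

def check_connect_peers(peers, route_tables):
    """Return {connect_peer_id: [findings]}; an empty list means all checks passed."""
    report = {}
    for peer in peers.get("TransitGatewayConnectPeers", []):
        cfg = peer.get("ConnectPeerConfiguration", {})
        findings = []
        if peer.get("State") != "available":
            findings.append(f"connect peer state is {peer.get('State')!r}, expected 'available'")
        for bgp in cfg.get("BgpConfigurations", []):
            if bgp.get("BgpStatus") != "up":
                findings.append(f"BGP session on {bgp.get('TransitGatewayAddress')} is not up")
        tgw_addr = cfg.get("TransitGatewayAddress")
        if not tgw_addr or not route_to_tgw(tgw_addr, route_tables):
            findings.append(f"no active route to TGW address {tgw_addr}")
        report[peer["TransitGatewayConnectPeerId"]] = findings
    return report

if __name__ == "__main__":
    for peer_id, findings in check_connect_peers(SAMPLE_PEERS, SAMPLE_ROUTES).items():
        print(peer_id, "OK" if not findings else findings)
```

The GRE tunnel and EBGP Multihop settings live on the ION side and still need to be checked in the Prisma SD-WAN portal.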
End to end traffic does not go through
Check if Prisma SD-WAN VPNs are up between the branch site and the AWS DC site.
Check if the BGP peering between Datacenter IONs and the Transit Gateway is up and the routes are learned and advertised from the active ION.
Check the flow browser for the branch ION from where the traffic is being sent to the AWS VPC.
Check if the service and DC group includes the AWS Datacenter.
Check the Path policy.
Check if there is a security policy rule that is blocking traffic.
Check the Application VPC’s route table and security group.