Lets see how to assign tags to objects in the Prisma
SD-WAN portal.
Once the CloudBlade is configured, the next task is to tag Prisma SD-WAN sites and interfaces to
denote which sites and interfaces are candidates for integration with Azure Virtual
WAN.
In
Strata Cloud Manager
, go to
Workflows
Branch Sites
and select the site that needs to be tagged.
Select the edit icon, and in the
Tags
(case sensitive.)
field, add the
azure_enabled
tag and enable it for Azure
vWAN.
Select
Done
.
Now, tag the interface that you can use to establish a Standard tunnel to the
virtual WAN. Go to
Workflows
Devices
and select the device to view the device configuration screen.
Locate the interfaces tab, select the interface connected to the circuit you
want to use to build the tunnel to Azure, and add a region-specific tag that corresponds to
the region the vWAN Hub you want to connect to is in (e.g.
azure_enabled_eastus
).
This interface must have a public IP address configured statically or via
DHCP, or if behind a NAT device one must have the
External
NAT Address & Port
defined under the Advanced
Options for this interface.
In version 1.0.1, an Azure vWAN limitation restricts tagging and using
only one interface to build a tunnel to a single vWAN hub in Azure. This
restriction prevents the use of multiple transports to connect to the
same vWAN hub. However, starting from version 2.0.1, Azure has removed
this limitation, allowing multiple interfaces to build tunnels to the
same vWAN hub. This enables the use of these tunnels in active/active
mode for enhanced connectivity to the vWAN hub
After completing this configuration, the next integration cycle (approximately
60 seconds) will initiate the creation and onboarding of Standard IPSEC tunnels
between the Prisma SD-WAN ION and the Azure virtual WAN Hub. It may take several
cycles for the tunnels to appear and become active on the Prisma SD-WAN and for
the VPN site objects to show up in the Azure.