Focus

Configure the Azure Virtual WAN

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Configure the Azure Virtual WAN with vION CloudBlade

Validate the Azure Virtual WAN Integration CloudBlade

Configure the Azure Virtual WAN

Configure the Azure virtual WAN

Before deploying the CloudBlade, it’s important to determine the kind of deployment that you are going to do. We support two deployment scenarios, Greenfield and Brownfield. Depending on the type of deployment you are doing it will determine which fields that need to be completed in the CloudBlade configuration.

Brownfield Deployment

This is the most common deployment model.
This would be used when you already have the Azure Virtual WAN and associated vWAN Hub(s) in the region or regions that you wish to deploy the SD-WAN data centers.
The CloudBlade will deploy a Resource Group with a Transit VNET (per region), the ION devices will be deployed in the Resource Group and the VNET will be connected to the local regional Hub.

Greenfield Deployment

The is a less common deployment model.
This would be used when you do not have a Virtual WAN configured in your Azure environment.
The CloudBlade will deploy a Virtual WAN and a vWAN Hub in the region or regions that you wish to deploy the SD-WAN data centers.
Once completed the CloudBlade will deploy a Resource Group with a Transit VNET (per region), the ION devices will be deployed in the Resource Group and the VNET will be connected to the local regional Hub.

To configure the Azure virtual WAN Integration app in Prisma SD-WAN:

In Strata Cloud Manager, go to ManageCloudBlades.
Locate the Azure Virtual WAN with vION and select Configure.
In the Azure Virtual WAN with vION Integration page, enter the following information in the fields shown below, change where appropriate.
Brownfield Configuration Example

Greenfield Configuration Example
- VERSION: Select the version of the Azure Virtual Network Integration CloudBlade.
- ADMIN STATE: For Admin State, select/retain Enabled.
- AZURE TENANT ID: Provide the Directory (tenant) ID generated in the previous section on Azure application registration. It is the ID of the Azure Active directory in which an application is created.
- AZURE CLIENT ID: Provide the Application (client) ID generated in the previous section on Azure application registration. Client ID uniquely identifies an application in the Microsoft identity platform.
- AZURE CLIENT SECRET: Provide the client secret generated under the Azure application registration. Client secret represents the authentication key string that is generated for a given app registration.
- AZURE SUBSCRIPTION ID: Provide the subscription ID noted down from the previous section. Subscription ID is a GUID that uniquely identifies the subscription to use Azure services
- TRANSIT VIRTUAL NETWORK CIDR: Provide comma-separated list of non-overlapping CIDRs for each region. The CIDR represents the private address space of the Virtual Network that hosts the Prisma SD-WAN vION instances and their associated resources in Azure. Prefix lengths of /16 up to /26 are supported. Format: <Azure Region Code>:<CIDR>. Example: westus:10.10.0.0/16.
  Enter information for TRANSIT VIRTUAL NETWORK CIDR if you have a brownfield or greenfield deployment.
- Optional VIRTUAL HUB CIDR: Provide a comma-separated list of non-overlapping CIDRs for each virtual hub to be deployed. Prefix lengths between /1 and /24 are supported. This field is required only for new virtual hub deployments (Greenfield). Format: <Azure Region Code>:<CIDR> Example: westus:10.35.0.0/24.
  Enter information for VIRTUAL HUB CIDR only if you have a greenfield deployment.
- Optional VIRTUAL WAN RESOURCE: Provide the name of the virtual WAN resource to be considered. This virtual WAN resource is used when deploying new vHUB(s) or referring to existing vHUB(s) identified in the Virtual Hub Resource(s) configuration. Format: <Resource Group Name>:<Virtual WAN Name>.
  Enter information for VIRTUAL WAN RESOURCE only if you have a brownfield deployment.
- Optional VIRTUAL HUB RESOURCES: Provide a comma-separated list of virtual hub resource(s) in the respective region(s) with which peering is established. All virtual hubs need to reside within the same vWAN instance identified by the Virtual WAN Resource configuration. Format: <Virtual Hub Name>.
  Enter information for VIRTUAL HUB RESOURCES only if you have a brownfield deployment.
Only virtual hubs in the same region can be associated with the transit vNET deployment in that region.
Click Save and Install after the settings are configured.

The deployment time for Greenfield deployments is around 20 to 25 minutes and the time taken for Brownfield deployments is around 10 to 15 minutes.