>
    Install On-Premises Controller using CLIs
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Understand Installation Workflow
    4. Install the On-Premises Controller
    5. Install On-Premises Controller using CLIs
    Download PDF
    Prisma SD-WAN

    Install On-Premises Controller using CLIs

    Table of Contents

    Install On-Premises Controller using CLIs

    Install the On-Premises Controller using the CLIs.
    To install the On-Premises Controller for Prisma SD-WAN using a script:
    1. Download qcow file. Contact your Palo Alto Networks Partner for assistance.
    2. Bring up the VM using the downloaded qcow file. <using OpenStack>
    3. Login to the VM using ubuntu/ubuntu.
    4. Format the disk space by executing the command:
      
printf 'd\n\nn\n\n\n\nN\nw' | sudo fdisk /dev/vda
    5. Provide the server details by executing the command: . 
      controller_install install -SIP <provide_your_management-IP> -TN "provide_tenant_name" -TND "provide_tenant_north_bound_domain" -TSD "provide_south_bound_domain" -NSP "" -DSP "" --template "provide_the_template_details"
    6. After completion, you will see the following output:
      Install triggered succesfully
      Check the status of the controller by executing the command controller_install status. It takes about 60 minutes for the installation to complete.
      ubuntu@ubuntu:~$ controller_install status 
Installation Status: Complete 
Completion percentage: 100.0 
Installation Details: Steps (5/5) 
Step: Preparation for Controller deployment 
Status: complete 
Completion percentage: 100.0 
Step: Install Controller Status: complete 
Completion percentage: 100.0 
Step: Setup Controller monitoring Status: complete 
Completion percentage: 100.0 
Step: Controller configuration and finalization Status: complete 
Completion percentage: 100.0 
Step: Verify installation Status: complete 
Completion percentage: 100.0

    Configure Certificate on the Device Using CLI Commands

    Update the CA chain on the ION device version older than 6.2.3-b2 release.
    Update the CA chain on ION devices running on software version older than 6.2.3-b2 release.
    1. Set up the controller chain file in the devices.
    2. Copy the ca chain file from the controller:
      /home/ubuntu/certs/cachain.cgnx.net.pem
    3. Replace or create the following files in the device, contact your Palo Alto Networks representative to update the CA certificate on the ION device.
      /config/certs/controller_ca_chain.pem
      /etc/certs/controller_ca_chain.pem
    4. Add the static host details to the device:
      config static host add ip <Controller_IP> name controller.local.cgnx.net
config static host add ip <Controller_IP> names locator.cgnx.net
config static host add ip <Controller_IP> names mfg.local.cgnx.net
config static host add ip <Controller_IP> names vmfg.local.cgnx.net
config static host add ip <Controller_IP> names toolkitsessions.local.cgnx.net
    5. Verify that the controller details are reflected in the device by executing the command dump overview.
    6. After verification, create machine by accessing the controller using the device ID.

    © 2025 Palo Alto Networks, Inc. All rights reserved.