1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Sites and Devices
    6. Configure the ION Device at a Branch Site

    Configure the ION Device at a Branch Site

    Learn about how to configure the ION device at a branch site.
    Configure the branch ION device to connect to the internet and a private network. By default, the following ports have hardware bypass capability and set to fail open or closed:
    • Ports 4/5 on the ION 2000.
    • All LAN/WAN ports on the ION 3000.
    • Ports 5/6 and 7/8 on the ION 7000.
    • Ports 1/2, 3/4, 5/6, 7/8 on the ION 9000.
    Before you configure the device, gather the following information:
    • Internet port IP address, subnet mask, and default gateway address.
    • (Optional)
      If the device is behind a firewall, NAT IP details are required.
    • LAN subnets and their VLAN IDs (if applicable) that you would like the SD-WAN system to control.
    1. From
      MAP
      Claimed Devices
      , select the device to configure.
    2. From the ellipsis menu, select
      Configure the device
      .
      The device configuration screen displays.
    3. On the
      Basic Info
       screen, enter a name and an
      (optional)
       description for the device.
      The ION device model, redundancy mode, serial number, and software version display automatically.
      • To
        Enable L3 Direct Private WAN Forwarding
        , toggle
        Yes
         or
        No
        . By default, the BGP configuration uses a bypass pair for private WAN underlay traffic, and a Layer 3 interface explicitly enables Layer 3 Direct Private WAN Forwarding for the private WAN underlay.
      • To
        Enable L3 LAN Forwarding
        , toggle
        Yes
         or
        No
        . Yes indicates that traffic forwarding to and from LAN interface, when
        Enable L3 Direct Private WAN Forwarding
         is enabled.
      • Enabled
         or
        Disabled
         the
        Application Reachability Probe
        , is used to probe for application reachability or to check if an application is reachable on a given path. Devices use the controller port as the source probe interface by default. On devices running 5.4.1 and later versions, you can configure a LAN port as a source probe interface.
      • Click
        Create an HA group
        , to create an ION device cluster.
    4. Navigate to
      Device Toolkit
       to enable device session access.
      • For
        Enable Device Session Access
        , toggle
        Yes
        .
      • For
        Enable Outbound SSH
        , toggle
        Yes
        , if you want to use the device CLI commands to SSH from an ION device to another device within your enterprise network. The default value is
        No
        .
      • Change values for
        Inactive Interval
        ,
        Retry Login Count
        , and
        Account Disabled Interval
        , if needed.
      • You can access the device CLI from the web interface.
    5. Navigate to
      Interfaces
       to configure the controller ports, internet ports, and the WAN/LAN ports.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo