Configure the ION Device at a Branch Site
Focus
Focus

Configure the ION Device at a Branch Site

Table of Contents

Configure the ION Device at a Branch Site

Learn about how to configure the ION device at a branch site.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Active Prisma SD-WAN license
Configure the branch ION device to connect to the internet and a private network.
By default, the following ports have hardware bypass capability and set to fail open or closed:
  • Ports 4/5 on the ION 2000.
  • All LAN/WAN ports on the ION 3000.
  • Ports 5/6 and 7/8 on the ION 7000.
  • Ports 1/2, 3/4, 5/6, 7/8 on the ION 9000.
Before you configure the device, gather the following information:
  • Internet port IP address, subnet mask, and default gateway address.
  • (Optional) If the device is behind a firewall, NAT IP details are required.
  • LAN subnets and their VLAN IDs (if applicable) that you would like the SD-WAN system to control.
  1. Select WorkflowsDevicesClaimed and select the device you wish to configure.
  2. From the ellipsis menu, select Configure the device.
    The device configuration screen displays.
  3. On the Basic Info screen, enter a name and an (optional) description for the device.
    The ION device model, redundancy mode, serial number, and software version display automatically.
    • To Enable L3 Direct Private WAN Forwarding, toggle Yes or No. By default, the BGP configuration uses a bypass pair for private WAN underlay traffic, and a Layer 3 interface explicitly enables Layer 3 Direct Private WAN Forwarding for the private WAN underlay.
    • To Enable L3 LAN Forwarding, toggle Yes or No. Yes indicates that traffic forwarding to and from LAN interface, when Enable L3 Direct Private WAN Forwarding is enabled.
    • Enabled or Disabled the Application Reachability Probe, is used to probe for application reachability or to check if an application is reachable on a given path. Devices use the controller port as the source probe interface by default. On devices running 5.4.1 and later versions, you can configure a LAN port as a source probe interface.
    • Click Create an HA group, to create an ION device cluster.
  4. Navigate to Device Toolkit to enable device session access.
    • For Enable Device Session Access, toggle Yes.
    • For Enable Outbound SSH, toggle Yes, if you want to use the device CLI commands to SSH from an ION device to another device within your enterprise network. The default value is No.
    • Change values for Inactive Interval, Retry Login Count, and Account Disabled Interval, if needed.
    • You can access the device CLI from the web interface.
  5. Navigate to Interfaces to configure the controller ports, internet ports, and the WAN/LAN ports.