Focus

Prisma SD-WAN

Configure the ION Device at a Branch Site

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Prisma SASE

Configure Device Access One-Time Password

Configure the ION Device at a Data Center

Configure the ION Device at a Branch Site

Learn about how to configure the ION device at a branch site.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN (Managed by `Strata Cloud Manager`)	Prisma SD-WAN

Configure the branch ION device to connect to the internet and a private network.

By default, the following ports have hardware bypass capability and set to fail open or closed:

Ports 4/5 on the ION 2000.
All LAN/WAN ports on the ION 3000.
Ports 5/6 and 7/8 on the ION 7000.
Ports 1/2, 3/4, 5/6, 7/8 on the ION 9000.

Before you configure the device, gather the following information:

Internet port IP address, subnet mask, and default gateway address.
LAN subnets and their VLAN IDs (if applicable) that you would like the SD-WAN system to control.

Select ConfigurationPrisma SD-WANION DevicesClaimed and select the device you wish to configure.
From the ellipsis menu, select Configure the device.
The device configuration screen displays.
On the Basic Info screen, enter a name and an (optional) description for the device.
The ION device model, redundancy mode, serial number, and software version display automatically.
- Enable L3 Direct Private WAN Forwarding (toggle enabled by default): Enables Layer 3 forwarding over the private WAN underlay. This allows traffic to be routed directly across private WAN links without additional encapsulation.
- Enable L3 LAN Forwarding (toggle enabled by default): Allows traffic to be forwarded to and from LAN interfaces. This option is only applicable when L3 Direct Private WAN Forwarding is enabled.
- Application Reachability Probe (toggle enabled by default): Sends probes to verify application reachability over a specific path only when an application and destination is deemed unreachable. You can configure which interface is responsible for generating these probes.
- Click Create an HA group, to create an ION device cluster.
Navigate to Device Toolkit to enable device session access.
- For Enable Device Session Access, toggle Yes.
- For Enable Outbound SSH, toggle Yes, if you want to use the device CLI commands to SSH from an ION device to another device within your enterprise network. The default value is No.
- Change values for Inactive Interval, Retry Login Count, and Account Disabled Interval, if needed.
- You can access the device CLI from the web interface.
Navigate to Interfaces to configure the controller ports, internet ports, and the WAN/LAN ports.

Configure the ION Device at a Data Center

Prisma SD-WAN Docs

Configure the ION Device at a Branch Site

Prisma SD-WAN Docs

Configure the ION Device at a Branch Site

Related CLIs

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources