Prisma SD-WAN Administrator’s Guide
    : Configure Device Initiated Connections for Circuits
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Sites and Devices
    6. Set Up Sites
    7. Configure Device Initiated Connections for Circuits
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Configure Device Initiated Connections for Circuits

    Table of Contents

    Configure Device Initiated Connections for Circuits

    ION devices can connect to the controller for various services such as MRL service, statistics, flows, logs, and remote access of device toolkit.
    Prisma SD-WAN
     ION devices initiate multiple connections to the controller for various services such as Message Routing Layer (MRL) service, statistics, flows, logs, and remote access of device toolkit. For services connecting to the controller using random paths or interfaces, you can exclude certain interfaces or paths from being used for these services. For example, an expensive metered LTE circuit is used as a last resort interface to maintain connectivity to the controller.
    In addition, ION devices generate application reachability probes when an application or prefix is unreachable for a particular path. However, if a particular circuit is to be used as a path of last resort only, then the amount of non end-user traffic going over that specific circuit should be minimized. You can exclude certain circuits and circuit categories from being used for device initiated connections by using the Use for controller connections and Use for application probes options.
    You can prioritize ION device interfaces use for device initiated connections in the order of first controller port interface, LAN port, any interface which does not have a label attached, but has an IP address, and then interfaces with circuit labels attached. The order of preference is based on the cost of a circuit. A circuit with a higher cost has a lower preference for device to controller connections.
    1. Select
      Workflows
      Sites/Data Centers
      Configuration
      .
    2. Click
      Change Circuits
       for either
      Internet Circuits
       or
      Private WAN Circuits
      .
    3. Click
      Edit
       below the circuit name.
    4. On the
      Circuit Information
       screen, select Yes for
      Controller Connections
      , only if using the circuit for connecting to the controller for device related services.
      Select No, if this circuit is to be excluded from connecting to the controller for device related services such as metered LTE circuits.
      Select
      Use Circuit Category Setting
       for selecting the configuration from the Circuit Category.
    5. Select Yes for
      App Reachability Probes
      , only if using the circuit for checking the reachability of an application for a given path.
      Select No, if this circuit is to be excluded from checking the reachability of an application for a given path such as metered LTE circuits. Select
      Use Circuit Category Setting
       for selecting the configuration from the Circuit Category.
    6. Click
      Done
      .
      A
      DEVICESW_INITIATED_CONNECTION_ON_EXCLUDED_PATH
       alarm is generated when a device initiated controller connection is established using an excluded interface or path. The lack of an available interface or path has forced the connection on an excluded path or interface as a last resort.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.