Focus

Configure Device Initiated Connections for Circuits

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Configure Circuit Categories

Add Public IP LAN Address to Enterprise Prefixes

Configure Device Initiated Connections for Circuits

ION devices can connect to the controller for various services such as MRL service, statistics, flows, logs, and remote access of device toolkit.

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Active Prisma SD-WAN license

Prisma SD-WAN ION devices initiate multiple connections to the controller for various services such as Message Routing Layer (MRL) service, statistics, flows, logs, and remote access of device toolkit. For services connecting to the controller using random paths or interfaces, you can exclude certain interfaces or paths from being used for these services. For example, an expensive metered LTE circuit is used as a last resort interface to maintain connectivity to the controller.

In addition, ION devices generate application reachability probes when an application or prefix is unreachable for a particular path. However, if a particular circuit is to be used as a path of last resort only, then the amount of non end-user traffic going over that specific circuit should be minimized. You can exclude certain circuits and circuit categories from being used for device initiated connections by using the Use for controller connections and Use for application probes options.

You can prioritize ION device interfaces use for device initiated connections in the order of first controller port interface, LAN port, any interface which does not have a label attached, but has an IP address, and then interfaces with circuit labels attached. The order of preference is based on the cost of a circuit. A circuit with a higher cost has a lower preference for device to controller connections.

Select WorkflowsSites/Data CentersConfiguration.
Click Change Circuits for either Internet Circuits or Private WAN Circuits.
Click Edit below the circuit name.
On the Circuit Information screen, select Yes for Controller Connections, only if using the circuit for connecting to the controller for device related services.
Select No, if this circuit is to be excluded from connecting to the controller for device related services such as metered LTE circuits.
Select Use Circuit Category Setting for selecting the configuration from the Circuit Category.
Select Yes for App Reachability Probes, only if using the circuit for checking the reachability of an application for a given path.
Select No, if this circuit is to be excluded from checking the reachability of an application for a given path such as metered LTE circuits. Select Use Circuit Category Setting for selecting the configuration from the Circuit Category.
Click Done.

A DEVICESW_INITIATED_CONNECTION_ON_EXCLUDED_PATH alarm is generated when a device initiated controller connection is established using an excluded interface or path. The lack of an available interface or path has forced the connection on an excluded path or interface as a last resort.

Configure Circuit Categories

Add Public IP LAN Address to Enterprise Prefixes

Prisma SD-WAN Docs

Configure Device Initiated Connections for Circuits

Prisma SD-WAN Docs

Configure Device Initiated Connections for Circuits

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices