Service and Data Center Groups
Table of Contents
Expand all | Collapse all
-
-
- Configure Circuits
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Add a Branch
- Add a Data Center
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Enable IoT Device Visibility in Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Sub-Interface
- Configure a Loopback Interface
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
-
-
- Configure IPFIX
- Configure IPFIX Profiles
- Configure IPFIX Templates
- Configure Collector Contexts
- Configure Filter Contexts
- Configure Global IPFIX Prefixes
- Configure Local IPFIX Prefixes
- Attach an IPFIX Profile to an ION Device
- Attach a Collector Context to a Device Interface
- Attach a Filter Context to a Device Interface
- Configure High Availability (HA) for IPFIX
- Flow Information Elements
- Options Information Elements
- Configure SNMP
-
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
-
-
- Native SASE Integration with Prisma SD-WAN
- Connect a Single Prisma SD-WAN Site to Prisma Access
- Connect Multiple Prisma SD-WAN Sites to Prisma Access
- Edit Application Policy Network Rules
- Understand Service and Data Center Groups
- Verify Standard VPN Endpoints
- Configure Standard Groups
- Assign Domains to Sites
- Prisma SD-WAN Incidents and Alerts
Service and Data Center Groups
Palo Alto Networks maps third-party services
and data centers to allow flexibility when creating network policy
rules to account for uniqueness across sites. For example, you may
create a single network policy that directs all HTTP and SSL internet
bound traffic through the primary cloud security service in the region
if available. If the primary cloud service is not available, you
may leverage the backup cloud security service in the region. You
may have different primary and backup cloud security service endpoints
based on your geographic location. The intent and the policy rules
remains the same regardless of the site location.
The illustration below displays how endpoints, added to a group,
are associated with a domain.
The domains are bound to a site, thus uniquely mapping third-party
services or data centers to each site. You can map a group, with
different endpoints, to one or more domains and map a domain to
one or more sites.
A site can use only the endpoints configured in a group within
a domain that is assigned to the site. The same group, however,
can be in multiple domains with different service endpoints, which
allows you to use the same policy across different sites utilizing
different endpoints.