Add a Standard VPN Endpoint
Learn how to add third-party or standard VPN endpoints in Prisma SD-WAN.
A service endpoint is a label representing
a specific location or network service. It can be Prisma SD-WAN
data centers for transit services or third-party data centers.
1. Select Manage > Resources > Service & DC Groups.
2. Select Manage Endpoints to add an endpoint.
3. Select Standard VPN from the drop-down and click Add Endpoint.

   All Palo Alto Networks data center sites are automatically added when Admin Up is selected, which means that they can accept traffic per network policy. These endpoints cannot be deleted from the list. You can clear the Admin Up selection to remove the endpoints from consideration when the system performs path selection per the defined network policy rules.
4. Enter a Name, and optionally, a Description for the service endpoint.
5. Select Admin Up to bring it up.

   If you do not select Admin Up, the endpoint is not used in path selection for forwarding traffic.
6. (Optional) Select Allow Enterprise Traffic to explicitly allow enterprise traffic to transit through the Cloud Security Service.
7. (Optional) Enter the Address of the endpoint location.
8. (Optional) Add values for the IPs & Hostnames and select Disable Tunnel Reoptimization to disable tunnel reoptimization on latency change.

   When multiple IP addresses or URLs are configured under a Standard VPN endpoint, the ION device probes each endpoint IP address (it resolves the URLs if configured) to determine the lowest latency endpoint. After the lowest latency endpoint is determined, the ION device builds the Standard VPN tunnel to that IP address. If the configuration liveliness check fails, then it uses the next lowest latency endpoint IP address in the list. Additionally, the ION device tracks the current latency to each endpoint IP address, and, if there is a significant change in the latency to the closest endpoint from the current endpoint, the tunnel is moved.
9. (Optional) Enter Liveliness Probe information for liveliness probing.

   - For ICMP PING, enter values for probing interval, failure count, and IP address.
   - For HTTP, enter values for probing interval, failure count, HTTP status codes, and URL.
10. Save & Exit the endpoints dialog.

After adding the endpoints, proceed to add groups and add domains.
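The endpoint selection, liveliness failover and Disable Tunnel Reoptimization behaviour described in the steps above can be modelled in a few lines of Python to reason about where a tunnel will terminate. This is an added example, not Palo Alto Networks code or the ION implementation; the class and function names, the `move_threshold_ms` value (the page does not quantify a "significant" latency change) and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class TunnelSelector:
    latency_ms: Dict[str, float]            # endpoint IP -> last measured latency
    failure_count: int = 3                  # probe failures before an endpoint is down
    move_threshold_ms: float = 20.0         # ASSUMPTION: stands in for "significant change"
    disable_reoptimization: bool = False    # models Disable Tunnel Reoptimization
    current: Optional[str] = None

    def __post_init__(self):
        self.failures = {ip: 0 for ip in self.latency_ms}

    def probe_result(self, ip: str, ok: bool) -> None:
        """Record one liveliness probe; a success resets the failure counter."""
        self.failures[ip] = 0 if ok else self.failures[ip] + 1

    def evaluate(self) -> Optional[str]:
        """Return the endpoint the tunnel should terminate on, or None."""
        alive = [ip for ip in self.latency_ms if self.failures[ip] < self.failure_count]
        if not alive:
            self.current = None
            return None
        best = min(alive, key=self.latency_ms.get)
        if self.current not in alive:
            self.current = best             # first build, or liveliness failover
        elif (not self.disable_reoptimization and
              self.latency_ms[self.current] - self.latency_ms[best] > self.move_threshold_ms):
            self.current = best             # latency shifted enough to move the tunnel
        return self.current

def demo(disable_reoptimization: bool = False):
    # Constructed sample values (RFC 5737 documentation addresses).
    s = TunnelSelector({"192.0.2.10": 30.0, "198.51.100.10": 45.0, "203.0.113.10": 80.0},
                       disable_reoptimization=disable_reoptimization)
    picks = [s.evaluate()]                       # lowest latency wins
    s.latency_ms.update({"192.0.2.10": 40.0, "198.51.100.10": 35.0})
    picks.append(s.evaluate())                   # 5 ms gap: below threshold, stay
    s.latency_ms["192.0.2.10"] = 70.0
    picks.append(s.evaluate())                   # 35 ms gap: move unless disabled
    for _ in range(s.failure_count):
        s.probe_result(s.current, ok=False)
    picks.append(s.evaluate())                   # liveliness failover to next lowest
    return picks
```

With reoptimization disabled the tunnel stays on its original endpoint through the latency change and moves only when the liveliness check fails, which is the trade-off the Disable Tunnel Reoptimization option controls.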