Strata Copilot
    Strata Multitenant Cloud Manager
    : Configure Per-Tenant Interconnect
    Focus
    Download PDF
    Focus
    1. Home
    2. Secure Access Service Edge
    3. Strata Multitenant Cloud Manager
    4. Service Provider Interconnects
    5. Manage Service Provider Interconnects
    6. Configure Per-Tenant Interconnect
    Download PDF

    Strata Multitenant Cloud Manager

    Configure Per-Tenant Interconnect

    Table of Contents

    Configure Per-Tenant Interconnect

    Explains how to configure per-tenant interconnect
    Where Can I Use This?What Do I Need?
    • Role: Multitenant Superuser or Superuser
    A per-tenant interconnect provides a dedicated, unique connection for each tenant, ensuring strong traffic isolation and enhanced security. This setup allows you to apply tenant-specific routing and security policies, making it ideal for multi-tenant environments or scenarios with strict security and compliance requirements, while enabling granular management and consistent performance for each tenant.
    This is supported only on GCP.
    To set up a per-tenant interconnect, perform the following:
    1. Access the Strata Multitenant Cloud Manager and select Configuration Configuration Center Set up Per Tenant Interconnect.
    2. Configure the Cloud Service Provider:
      1. Select the Compute Region to view available or applicable Cloud Service providers.
      2. Select the Tenant.
      3. Select the Cloud Service Provider, such as GCP, and proceed to the next step.
    3. Configure Interconnect:
      1. Enter a unique Interconnect Name.
      2. Enter a unique SP Partner Name.
      3. Enter a valid email address for the partner.
      Currently, only partner interconnect type is supported which is selected by default.
    4. Configure at least one VLAN attachment to route traffic between your network and the service provider. You can configure additional VLAN attachments after creating the interconnect.
      1. Enter the VLAN Attachment Name.
      2. Select the IP Stack Type: IPv4(single-stack) or IPv4 and IPv6(dual-stack)
      3. Specify the public or private Border Gateway Protocol (BGP) Autonomous System Number (ASN) to establish peering for route exchange between the service provider network and the public cloud.
      4. Enable BGP MD5 Authentication to use the hash algorithm, or Disable it to use plain text authentication.
      5. BFD Session Initialization mode for BGP peer: Passive or Disabled.
        • Passive: The cloud router will wait for the peer router to initiate the BFD session. For the router to wait, you must specify the BFD Transmission Interval, BFD Receive Interval, and BFD Multiplier.
        • Disabled: BFD will be disabled for this BGP peer.
    5. Review the configuration summary and Create Interconnect.

    © 2025 Palo Alto Networks, Inc. All rights reserved.