Prisma® SD-WAN supports standard VPN for connections between two data center ION devices. Both the DC ION devices may try to initiate a tunnel, in which case, the tunnel will not be established. To overcome this issue, Prisma SD-WAN now supports the responder-only mode for the DC ION devices, so that the ION device only responds to the IKE connection and does not initiate it. Prisma SD-WAN supports a standard VPN tunnel configuration option that controls IKE initiator & responder behavior. This is useful in many scenarios including establishing DC to DC ION tunnels when one or both sides are behind a NAT device.

Prisma® SD-WAN currently supports this feature only for IPsec VPNs and not for GRE VPNs. Prisma SD-WAN supports both IKEv1 and IKEv2.