Prisma SDWAN
Prisma SD-WAN provides a software-defined wide area network (SD-WAN) solution that transforms legacy wide area networks (WANs) into a radically simplified, secure, application fabric, virtualizing heterogeneous underlying transports into a unified hybrid WAN. Prisma SD-WAN controls network application performance based upon application-performance service level agreements (SLAs) and business priorities.
Prisma SD-WAN collects data about metrics like app response time, app transaction time, and app reachability, as well as mean opinion score (MOS) for voice. Prisma SD-WAN uses all of this application-based information (and Layer 3 packet-based data) in its path selection algorithm to ensure that each application session receives the best performance at any given time. Users judge their experience based on the performance of the applications that they use, not on network jitter or loss. We must deliver a network that can respond in real time to deliver the best application performance SLA.
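The paragraph above describes the inputs to path selection but not how they combine. The following is an added, illustrative model written for these notes; it is not Prisma SD-WAN's own algorithm and the path names, thresholds and measurements are constructed. It shows the essential shape of application-SLA-driven selection: a path that meets every clause of the application's SLA is preferred over one that does not, headroom against the thresholds breaks ties, and when no path is compliant the session still goes to the least-bad reachable path.

```python
# Added illustrative example, not Prisma SD-WAN's own algorithm: SLA-driven
# path selection over the metric types the notes list (app response time,
# app transaction time, reachability, MOS, plus Layer 3 loss and jitter).
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class PathMetrics:
    """Current measurements for one candidate WAN path (constructed values)."""
    name: str
    reachable: bool            # application reachability over this path
    app_response_ms: float     # application response time
    app_transaction_ms: float  # application transaction time
    mos: float                 # voice mean opinion score, 1.0 (bad) to 5.0 (best)
    loss_pct: float            # Layer 3 packet loss, percent
    jitter_ms: float           # Layer 3 jitter


@dataclass(frozen=True)
class AppSLA:
    """Per-application thresholds a session must stay within."""
    max_response_ms: float
    max_transaction_ms: float
    min_mos: float
    max_loss_pct: float
    max_jitter_ms: float


def sla_violations(sla: AppSLA, p: PathMetrics) -> List[str]:
    """Names of the SLA clauses the path currently breaks; empty means compliant."""
    if not p.reachable:
        return ["reachability"]
    checks = [
        ("response", p.app_response_ms > sla.max_response_ms),
        ("transaction", p.app_transaction_ms > sla.max_transaction_ms),
        ("mos", p.mos < sla.min_mos),
        ("loss", p.loss_pct > sla.max_loss_pct),
        ("jitter", p.jitter_ms > sla.max_jitter_ms),
    ]
    return [name for name, broken in checks if broken]


def path_score(sla: AppSLA, p: PathMetrics) -> float:
    """Headroom against the SLA; lower is better, 5.0 sits exactly on every threshold."""
    return (p.app_response_ms / sla.max_response_ms
            + p.app_transaction_ms / sla.max_transaction_ms
            + sla.min_mos / max(p.mos, 1.0)   # MOS floor is 1.0, avoids divide-by-zero
            + p.loss_pct / sla.max_loss_pct
            + p.jitter_ms / sla.max_jitter_ms)


def select_path(sla: AppSLA, paths: List[PathMetrics]) -> Optional[str]:
    """Pick the path for a new session of this application.

    Compliant paths win over non-compliant ones; among equals the lowest score
    (most headroom) wins. If nothing is compliant, the reachable path with the
    fewest violations is used so the session still gets the best available
    performance. Returns None when no path is reachable.
    """
    candidates = [p for p in paths if p.reachable]
    if not candidates:
        return None
    best = min(candidates,
               key=lambda p: (len(sla_violations(sla, p)), path_score(sla, p)))
    return best.name


# Constructed voice SLA (hypothetical thresholds).
VOICE_SLA = AppSLA(max_response_ms=150, max_transaction_ms=300, min_mos=4.0,
                   max_loss_pct=1.0, max_jitter_ms=30)

# Constructed measurements for three circuits at a branch.
HEALTHY = [
    PathMetrics("mpls", True, 40, 90, 4.3, 0.1, 5),
    PathMetrics("internet-1", True, 60, 120, 3.6, 2.0, 35),
    PathMetrics("internet-2", True, 120, 200, 4.1, 0.5, 20),
]
# Same circuits after the MPLS path starts dropping packets.
MPLS_DEGRADED = [PathMetrics("mpls", True, 40, 90, 4.3, 3.0, 5), HEALTHY[1], HEALTHY[2]]
# Only impaired paths remain: the second internet circuit has gone down.
ALL_IMPAIRED = [MPLS_DEGRADED[0], HEALTHY[1],
                PathMetrics("internet-2", False, 0, 0, 1.0, 100, 0)]


def demo() -> Dict[str, Optional[str]]:
    """Path chosen for a voice session in each constructed scenario."""
    return {
        "healthy": select_path(VOICE_SLA, HEALTHY),
        "mpls_degraded": select_path(VOICE_SLA, MPLS_DEGRADED),
        "all_impaired": select_path(VOICE_SLA, ALL_IMPAIRED),
    }


if __name__ == "__main__":
    for scenario, choice in demo().items():
        print(f"{scenario}: {choice}")
```

In the healthy scenario both MPLS and the second internet circuit meet the voice SLA and MPLS wins on headroom; once MPLS exceeds the loss threshold the session moves to the compliant internet circuit even though its response time is higher; when only impaired paths remain, the one breaking the fewest clauses is used rather than refusing the session. A real controller re-evaluates this continuously per session, which is what the notes mean by responding in real time.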
Prisma SD-WAN instant-on network (ION) devices communicate with the controller over a bidirectionally authenticated SSL connection. The Prisma SD-WAN branch IONs automatically establish secure VPN connections with the Data Center IONs across the internet, and across Private WAN links utilizing the same carrier. By default, a hub-and-spoke design is used.
WAN Edge
A Prisma SD-WAN WAN edge device is an ION device. Prisma SD-WAN ION devices are available in both hardware and software form factors to meet the needs of any location and any deployment scenario. Prisma SD-WAN virtual form factors can be deployed on ESXi, KVM, Hyper-V, and cloud platforms, such as AWS, Azure, and GCP.
ION devices integrate fail-to-wire interfaces.
When licensing ION devices, consider the bandwidth subscription to purchase and possible enforcement restrictions.
Depending on where the ION device will be deployed, you must purchase a bandwidth-based subscription or data-center subscription.
Branch site: For ION devices being deployed at branch sites, the options for bandwidth-based subscriptions range from 25 Mbps to 2.5 Gbps.
Data-center site: For ION devices being deployed at data-center sites, there is one data-center subscription option.
Traffic is not rate limited if data rates exceed the license. However, data rates and usage are exported to the controller to provide insight into your actual usage so you can correctly size your licenses.
Insertion Models
The Prisma SD-WAN non-disruptive insertion model enables customers to easily transition existing sites to Prisma SD-WAN. The Prisma SD-WAN approach is referred to as the “Crawl, Walk, Run” model: it lets customers deploy Prisma SD-WAN as aggressively as they want to meet their requirements.
There are four insertion modes (or phases):
Analytics Mode: learn the traffic profile and monitor app performance
Deployed inline at the branch between the L2 or L3 switch and the existing router
No VPN tunnels are created and no path is selected
Control: add app-based SLAs and drive path selection
After analytics-only mode, the device can be switched to control mode
Application and network data can be collected. Full Prisma SD-WAN functionality can be delivered without replacing the existing router
Router Replacement: use for Ethernet sites; achieves the smallest footprint
Can run in full-router-replacement mode, which eliminates the need for a router
Has a built-in application zone-based firewall, which enables consolidation of branch firewall appliances onto the ION device
High Availability: maintain 100% circuit capacity upon device failure
Uses fail-to-wire interfaces to maintain 100% circuit capacity even if a device fails
CloudBlades Platform
CloudBlades drastically reduces the time required to bring up locations. Locations can be brought up without the need to upgrade hardware or software. With the CloudBlades platform, adding resources at a branch is less complex. The CloudBlades platform also improves performance by providing API integration and future-proofing of customer investments.
Prisma Access: Prisma SD-WAN Autonomous WAN with Palo Alto Networks Prisma Access enables organizations to deploy a best-of-breed secure SD-WAN that is pre-integrated, requiring no additional hardware or software to provision at the remote office, and lays the foundation for a zero-trust security architecture.
Apply traffic policy to application traffic
Ensure consistent performance and high availability
Create policy once and deploy everywhere
Integrate with other services
Prisma SD-WAN Terminology
Types of Sites
Branch (Spoke): where users and services are located. Used for the majority of locations. Below is the list of functions that a branch site performs:
Distributed application analytics
Path selection
Measurement of link quality
Application service-level agreement (SLA) assurance
Firewall enforcement and compliance
Standard VPN service insertion
Analysis of traffic patterns from branch to data center, branch to branch, data center to branch, and branch to third-party service
Automatic establishment of zero-touch secure fabric links (Prisma SD-WAN VPN) to all data-center sites (a hub-and-spoke design)
Support for full-mesh and partial-mesh topologies
Data Center (Hub/Transit): where enterprise applications and services are hosted
Interface Types
Internet port: an interface to an untrusted boundary
Commands on ION devices
Default username/password for an unclaimed device: elem-admin/hackle628)bags
dump overview
dump controller status: view controller status
dump interface config { all | controller1 | 1 }: view interface configuration
dump interface status { all | controller1 | 1 }: view interface status
inspect system arp { all | interface=1 | interface=controller1 }: view ARP table
config interface controller1 ip static address=10.0.0.126/24 gw=10.0.0.1 dns=8.8.8.8: configure interface controller1
Reference
Prisma SD-WAN: https://beacon.paloaltonetworks.com/student/collection/660386-prisma-sd-wan?sid=5e2270df-2e55-48f7-8d42-e25de5ae6ced&sid_i=7