Configure the ION Device at a Data Center (2024)

Configure the ION Device at a Data Center

Updated on

Nov 28, 2024

Focus

Download PDF

Updated on

Nov 28, 2024

Focus

  1. Home
  2. Prisma
  3. Prisma SD-WAN
  4. Prisma SD-WAN Sites and Devices
  5. Configure the ION Device at a Data Center

Download PDF

Previous Configure the ION Device at a Branch Site
Next Switch a Site to Control Mode

Let us learn to configure the ION at a data center.

Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Prisma SD-WAN license

As you get started to configure the ION device at the data center, you must know that the ION 5200, ION 7000, ION 9000 or ION 9200 provides eight 1GE ports and six 10GE SFP+ ports for flexible configuration. Connect at least one port to the internet and one port to peer with a network.

  1. Select WorkflowsDevicesClaimed and select the device you wish to configure.

    Configure the ION Device at a Data Center (1)

  2. On the Basic Info tab:

    1. Enter a Device Name.

    2. (Optional)

      Enter a Description and Tags.

    3. Set Force VPN to VPN Traffic to Local Next Hop to Yes to force traffic from one branch site to another via a local next hop within a data center site.

      By default, the option Force VPN to VPN Traffic to Local Next Hop is toggled to No.

      If you have configured a Private WAN circuit on the DC ION device and the DC ION device is peering with a WAN edge router, the DC ION device will have learnt the route to the destination from the WAN edge router. In this case, the traffic will be routed to the WAN edge router and subsequently to the destination.

    4. Configure the first port from the Interfaces tab.

      1. From 1GE ports, select Port 1.

      2. Leave Admin Up as the default Yes.

      3. (Optional)

        Enter a name, description, and tags for this port.

        The Interface Type displays as Port.

      4. For Use This Port For, select Connect to Internet to enable public VPNs for a branch site.

      5. For Circuit Label, select the circuit that connects to the internet.

        A circuit label is mandatory.

      6. For IPv4 Configuration, select DHCP or Static.

        • Choose DHCP and enter NAT Address and Port if the IP address is dynamically assigned and if the internet port IP address is a private IP address behind a NAT firewall.
          • The External NAT address should be the public IP address NAT-translated to the ION device’s IP address on this physical port.
          • The External NAT port should be the External NAT IP address UDP port forwarded to UDP 4500 on the ION device’s IP address on this physical port.
          • Outside of this device configuration, if you have a firewall, you must allow protocol TCP 443 and UDP 4500 in your firewall configuration.
        • If the IP address is fixed and specified manually, choose Static and specify the IP Address/Mask, Default Gateway, DNS Servers, and Secondary IPs.
      7. Select Enable IPv6 On This Interface to configure IPv6.

      8. For IPv6 Configuration, select AutoConf or Static.

        Autoconf indicates the Global IP address is derived using stateless address autoconfiguration (SLAAC).

        Choose Static if the IP address is fixed and is manually assigned. Additionally specify the IPv6 Address/Mask, Default Gateway (IPv6), and DNS server(s)(IPv6).

      9. In Advanced Options,

        (optional)

        specify MAC, IP MTU, and Physical from the available range.

      10. Click Save Port.

      11. Proceed to configure the second port.

        1. Leave Admin Up asthe default Yes.

        2. (Optional)

          Enter a name, description, andtags for this port.

          The Interface Type displays as Port.

        3. For Use This Port For, select Peerwith a Network to inject routes towards the core router.

          You may pair any non-hardware ports on the physical andvirtual ION 7000 or ION 9000. However, ports 5/6 and ports 7/8 arehardware bypass port pairs, and therefore, must be configured asport pairs. These port pairs may be set to fail, open, or closed.

        4. For Circuit Label, select thecircuit to peer with the network.

        5. For IPv4 Configuration, select DHCP or Static.

        6. In Advanced Options,

          (optional)

          specify MAC, IP MTU, and Physical from the available range.

        7. Click Save Port.

          Similar to configuring ports on a physical ION 7000, configure the ports on the virtual ION device. The virtual device has one controller port and nine configurable ports to connect to the internet or peer with a network.

        8. Proceed to configure Routing, SNMP, Syslog Export, andNTP Client for the ION device.

"); adBlockNotification.append($( "Thanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application." )); let adBlockNotificationClose = $("x"); adBlockNotification.prepend(adBlockNotificationClose) $('body').append(adBlockNotification); setTimeout(function (e) { adBlockNotification.addClass('open'); }, 10); adBlockNotificationClose.on('click', function (e) { adBlockNotification.removeClass('open'); }) } }, 5000)
Previous Configure the ION Device at a Branch Site
Next Switch a Site to Control Mode

© 2024 Palo Alto Networks, Inc. All rights reserved.

Configure the ION Device at a Data Center (2024)

References

Top Articles
6 Classic Pickup Trucks That Make Good Project Vehicles
The First G Wagon - Complete History of the Epic Mercedes Rig
Visual History of the Mercedes-Benz G-wagen: From Brute to Bourgeois
Latest Posts
6 Classic Pickup Trucks That Make Good Project Vehicles - SlashGear
5 Popular Pickup Trucks To Avoid in 2024 and What To Buy Instead
Recommended Articles
Article information

Author: Terence Hammes MD

Last Updated:

Views: 6577

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.