https://live.paloaltonetworks.com/t5/prisma-sd-wan-cloudblades/prisma-access-cloudblade-bgp-options/m-p/590638#M4 <P>I hope you found your answer by now, but to answer the question: Yes, with a twist.</P> <P>&nbsp;</P> <P>Unchecking that instructs Prisma Access not to advertise learned routes from RNs down to the other RNs. The main purpose of this feature is to allow for site to site traffic within Prisma Access and for other mechanisms like traffic steering, etc. That said, keep in mind that this is relevant only to Remote Networks.</P> <P>&nbsp;</P> <P>Mobile Users isn't on the same network as Remote Networks (separate routing domains) so having this enabled doesn't impact the routing of Mobile Users unless you have service connections that have the RN subnets defined where the MU traffic can hairpin. Without other SCs that advertise the specifc RN subnets into MU (called dummy SCs since they don't terminate), the traffic will go to the nearest (or only) SC that has the best match for the destination prefix and thus to the endpoint they terminate to.</P> <P>&nbsp;</P> <P>Hope that helps.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Miguel</P> Thu, 27 Jun 2024 17:47:25 GMT miguel_mejia 2024-06-27T17:47:25Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-cloudblades/prisma-access-cloudblade-bgp-options/m-p/576837#M3 <P>I have a question on one of the BGP settings when Cloudblades is set up.</P> <P>In the BGP config on the site, one of the options is "Prisma forward received Branch Routes from Prisma SD-WAN"</P> <P>Would leaving this unchecked be the equivalent of setting a BGP no-advertise community string?</P> <P>My customer doesn't have the network-interconnect license for Prisma so I need to ensure that traffic from mobile users to remote networks doesn't go direct as it will drop. I need the traffic to go back down the service connection and to the DC IONs and over the fabric.</P> <P>&nbsp;</P> <P><LI-WRAPPER></LI-WRAPPER></P> <P><LI-PRODUCT title="Prisma SD-WAN" id="Prisma_SD-WAN"></LI-PRODUCT> <LI-PRODUCT title="Prisma Access" id="Prisma_Access"></LI-PRODUCT>&nbsp;</P> Fri, 09 Feb 2024 15:29:43 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-cloudblades/prisma-access-cloudblade-bgp-options/m-p/576837#M3 Jon_Woloshyn 2024-02-09T15:29:43Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-cloudblades/prisma-access-cloudblade-bgp-options/m-p/590638#M4 <P>I hope you found your answer by now, but to answer the question: Yes, with a twist.</P> <P>&nbsp;</P> <P>Unchecking that instructs Prisma Access not to advertise learned routes from RNs down to the other RNs. The main purpose of this feature is to allow for site to site traffic within Prisma Access and for other mechanisms like traffic steering, etc. That said, keep in mind that this is relevant only to Remote Networks.</P> <P>&nbsp;</P> <P>Mobile Users isn't on the same network as Remote Networks (separate routing domains) so having this enabled doesn't impact the routing of Mobile Users unless you have service connections that have the RN subnets defined where the MU traffic can hairpin. Without other SCs that advertise the specifc RN subnets into MU (called dummy SCs since they don't terminate), the traffic will go to the nearest (or only) SC that has the best match for the destination prefix and thus to the endpoint they terminate to.</P> <P>&nbsp;</P> <P>Hope that helps.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Miguel</P> Thu, 27 Jun 2024 17:47:25 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-cloudblades/prisma-access-cloudblade-bgp-options/m-p/590638#M4 miguel_mejia 2024-06-27T17:47:25Z