https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/584975#M173 <P>Hello All,&nbsp;</P> <P>&nbsp;</P> <P>Looking for some feedback on how to best configure our ION devices.&nbsp;</P> <P>&nbsp;</P> <P>We have setup HA ION devices with redundant Internet and Private circuits. The issue I keep running into is the LAN port configuration doesn't seem right.&nbsp;</P> <P>&nbsp;</P> <P>I setup a test machine and set a default route to the LAN port of the ION device so traffic passes through the box. Initially I had a default gateway on the LAN interface, but this cause traffic to go from LAN port to Controller port and out the current edge infrastructure. So, I removed the gateway and traffic was hitting the correct path policies but return traffic didn't know where to go.&nbsp;</P> <P>&nbsp;</P> <P>So, I added a static route with next hop IP - but the traffic again hit the controller port on the way back. Switched to a next hop LAN interface, but then the traffic doesn't know where to go...</P> <P>&nbsp;</P> <P>What am I doing wrong here?</P> <P>&nbsp;</P> <P>Also, should the LAN interface on the HA IONs have the same IP addresses? I'm seeing conflicting documentation regarding this.&nbsp;</P> Thu, 25 Apr 2024 19:28:53 GMT gianlucabastia91 2024-04-25T19:28:53Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/584975#M173 <P>Hello All,&nbsp;</P> <P>&nbsp;</P> <P>Looking for some feedback on how to best configure our ION devices.&nbsp;</P> <P>&nbsp;</P> <P>We have setup HA ION devices with redundant Internet and Private circuits. The issue I keep running into is the LAN port configuration doesn't seem right.&nbsp;</P> <P>&nbsp;</P> <P>I setup a test machine and set a default route to the LAN port of the ION device so traffic passes through the box. Initially I had a default gateway on the LAN interface, but this cause traffic to go from LAN port to Controller port and out the current edge infrastructure. So, I removed the gateway and traffic was hitting the correct path policies but return traffic didn't know where to go.&nbsp;</P> <P>&nbsp;</P> <P>So, I added a static route with next hop IP - but the traffic again hit the controller port on the way back. Switched to a next hop LAN interface, but then the traffic doesn't know where to go...</P> <P>&nbsp;</P> <P>What am I doing wrong here?</P> <P>&nbsp;</P> <P>Also, should the LAN interface on the HA IONs have the same IP addresses? I'm seeing conflicting documentation regarding this.&nbsp;</P> Thu, 25 Apr 2024 19:28:53 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/584975#M173 gianlucabastia91 2024-04-25T19:28:53Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/585248#M174 <P><SPAN>What ION devices model do you have?</SPAN></P> <P><SPAN>It will be better if you could share simple diagram for your scenario for better understanding.</SPAN></P> <P><SPAN>LAN interfaces on both HA IONs should have the same IP addresses.</SPAN></P> Mon, 29 Apr 2024 19:42:40 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/585248#M174 MALjaaidi 2024-04-29T19:42:40Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/590624#M180 <P>Firmware version here plays a very important role here. Palo SDWAN solution at 6.3.x level has simplified the design a bit. As suggested a simple diagram will yield a better discussion</P> Thu, 27 Jun 2024 15:12:03 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/prisma-sd-wan-initial-deployment-lan-port/m-p/590624#M180 Junedshaikh 2024-06-27T15:12:03Z