Rapid Deployment of Small PANs at Spoke Sites

Reply
Highlighted
L1 Bithead

Rapid Deployment of Small PANs at Spoke Sites

I have dozens of small offices across the country and dozens more coming. My predecessor put in 

DMVPN with Cisco ISRs at the spoke sites. I'm thinking to replace the ISRs with PAN 220s or similar.

The only downside is they don't have POE for the access points. But should be able to work around

that somehow. 

 

My question is how to most rapidly and easily deploy the small PANs. They should all have common

policies. But each would have a different Internet IP address and three subnets on three sub interfaces.

They need to tunnel to a pair of PANs at the data center. What's the fastest way to get them

loaded with configuration so they can be shipped, have the ISP facing IP address and route 

changed via remote session, complete the configuration from the home office?


Accepted Solutions
Highlighted
Cyber Elite

@MichaelMedwid,

Free Option:

So when you have a job like this, I would actually recommend configuring one of the devices and taking that XML file and making a Jinja2 template out of it. That way, the only thing you need to do is render the configuration and load it onto the PA-220s with the device specific variables and ship it out. You can then script the template file to render and push/commit the configuration to the PA-220s on a nightly basis with a little bit of Python.

 

Paid Option:

Panorama is the official answer, but it does have additional costs that you may or may not have in the budget. It essentially does all of the template configuration for you and can collect all of the logs you would like from all of your PA-220s. 

View solution in original post


All Replies
Highlighted
Cyber Elite

@MichaelMedwid,

Free Option:

So when you have a job like this, I would actually recommend configuring one of the devices and taking that XML file and making a Jinja2 template out of it. That way, the only thing you need to do is render the configuration and load it onto the PA-220s with the device specific variables and ship it out. You can then script the template file to render and push/commit the configuration to the PA-220s on a nightly basis with a little bit of Python.

 

Paid Option:

Panorama is the official answer, but it does have additional costs that you may or may not have in the budget. It essentially does all of the template configuration for you and can collect all of the logs you would like from all of your PA-220s. 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!