Can you configure multiple prisma access tunnel end points?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can you configure multiple prisma access tunnel end points?

L3 Networker

I'm new to Prisma but may be able to implement it soon. I understand Global Protect clients send all traffic to the Prisma cloud where the traffic can be inspected to PAN rules. And then I understand that a tunnel can be created from the Prisma cloud to our data center so that the clients with GP can connect to our data center. My question is: can we have two tunnels from the prisma cloud - one to our physical data center and one to our Azure vnets? Or alternatively, if two tunnels are not possible at once - is it quick and easy to change the tunnel termination location e.g. instead of directing all traffic to our data center to change it to a VNG in Azure?

1 accepted solution

Accepted Solutions

L6 Presenter

If you can split your local DC and the Azure DC as different subnets then you can make two seperate ceperate subnets and two seperate services then see:

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

If not even with Prisma/Palo Alto SD-WAN you can't have two tunnel endpoints active at the same sime for a service connection as one will be secondary (maybe the azure dc) if needed you can just dissable the primary or change the tunnel health monitoring to mark it down:

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-pris...

 

 

Still as I mentioned under your other question check the Prisma Access training if you are going to work with Prisma Access.

View solution in original post

2 REPLIES 2

L6 Presenter

If you can split your local DC and the Azure DC as different subnets then you can make two seperate ceperate subnets and two seperate services then see:

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

If not even with Prisma/Palo Alto SD-WAN you can't have two tunnel endpoints active at the same sime for a service connection as one will be secondary (maybe the azure dc) if needed you can just dissable the primary or change the tunnel health monitoring to mark it down:

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-pris...

 

 

Still as I mentioned under your other question check the Prisma Access training if you are going to work with Prisma Access.

Very helpful. Thank you!

  • 1 accepted solution
  • 1707 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!