03-24-2023 10:32 AM
I'm new to Prisma but may be able to implement it soon. I understand Global Protect clients send all traffic to the Prisma cloud where the traffic can be inspected to PAN rules. And then I understand that a tunnel can be created from the Prisma cloud to our data center so that the clients with GP can connect to our data center. My question is: can we have two tunnels from the prisma cloud - one to our physical data center and one to our Azure vnets? Or alternatively, if two tunnels are not possible at once - is it quick and easy to change the tunnel termination location e.g. instead of directing all traffic to our data center to change it to a VNG in Azure?
03-27-2023 03:27 AM - edited 03-27-2023 03:29 AM
If you can split your local DC and the Azure DC as different subnets then you can make two seperate ceperate subnets and two seperate services then see:
If not even with Prisma/Palo Alto SD-WAN you can't have two tunnel endpoints active at the same sime for a service connection as one will be secondary (maybe the azure dc) if needed you can just dissable the primary or change the tunnel health monitoring to mark it down:
Still as I mentioned under your other question check the Prisma Access training if you are going to work with Prisma Access.
03-27-2023 03:27 AM - edited 03-27-2023 03:29 AM
If you can split your local DC and the Azure DC as different subnets then you can make two seperate ceperate subnets and two seperate services then see:
If not even with Prisma/Palo Alto SD-WAN you can't have two tunnel endpoints active at the same sime for a service connection as one will be secondary (maybe the azure dc) if needed you can just dissable the primary or change the tunnel health monitoring to mark it down:
Still as I mentioned under your other question check the Prisma Access training if you are going to work with Prisma Access.
03-27-2023 08:19 AM
Very helpful. Thank you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
