This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Difference between Backup SC and Secondary WAN in Prisma Access?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Difference between Backup SC and Secondary WAN in Prisma Access?

Go to solution
JoeKwok
L2 Linker

‎07-17-2021 10:27 PM

There are two option can be set on Service Connection

 

One is Secondary WAN and other one is Backup SC

 

I would like to know the difference between them.

 

Is it like a Secondary WAN as a active-passive and Backup SC as a active-active?

However, when I set a Secondary WAN, my secondary WAN firewall still receive the BGP advertise from Prisma Access, is it imply that this is not a "passive"?

 

For the Backup SC, if it is work as active-active, how to determine the packet egress service connection? if both service connection is set on the same country. Will it occur a asymmetric routing?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
NikolayDimitrov
L3 Networker

‎08-05-2021 04:04 AM - edited ‎08-05-2021 04:17 AM

The secondary WAN is if the on premise device has another WAN link and you use it as a backup if the primary link fails (this is if you have Dual ISP in your data center). The secondary WAN link is down and only goes up if the primary link commes up.

 

For Backup SC I think this is if you have two on premise devices that you want if there is an issue with the primary on premise device and its main connection to failover to the other or even an active and standby Data Centers:

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-pris...

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-fo...

 

 

------------

 

 

You can select any service connection that you have already added. Prisma Access uses the

Backup SC you select as the preferred service connection in the event of a link failure. Selecting a backup service connection can prevent asymmetric routing issues if you have onboarded more than two service connections. This choice is available in Hot potato routing mode only.
 
 
------------
 
 
For more about routing see as the Prisma access uses AS prepend with the BGP to control that only the primar service connection is used and not the the backup service connection:
 

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
NikolayDimitrov
L3 Networker

‎08-05-2021 04:04 AM - edited ‎08-05-2021 04:17 AM

The secondary WAN is if the on premise device has another WAN link and you use it as a backup if the primary link fails (this is if you have Dual ISP in your data center). The secondary WAN link is down and only goes up if the primary link commes up.

 

For Backup SC I think this is if you have two on premise devices that you want if there is an issue with the primary on premise device and its main connection to failover to the other or even an active and standby Data Centers:

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-pris...

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-fo...

 

 

------------

 

 

You can select any service connection that you have already added. Prisma Access uses the

Backup SC you select as the preferred service connection in the event of a link failure. Selecting a backup service connection can prevent asymmetric routing issues if you have onboarded more than two service connections. This choice is available in Hot potato routing mode only.
 
 
------------
 
 
For more about routing see as the Prisma access uses AS prepend with the BGP to control that only the primar service connection is used and not the the backup service connection:
 
0 Likes Likes
  • 1 accepted solution
  • 8307 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks