Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Prisma SD-WAN initial deployment - LAN port

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Prisma SD-WAN initial deployment - LAN port

Hello All, 

 

Looking for some feedback on how to best configure our ION devices. 

 

We have setup HA ION devices with redundant Internet and Private circuits. The issue I keep running into is the LAN port configuration doesn't seem right. 

 

I setup a test machine and set a default route to the LAN port of the ION device so traffic passes through the box. Initially I had a default gateway on the LAN interface, but this cause traffic to go from LAN port to Controller port and out the current edge infrastructure. So, I removed the gateway and traffic was hitting the correct path policies but return traffic didn't know where to go. 

 

So, I added a static route with next hop IP - but the traffic again hit the controller port on the way back. Switched to a next hop LAN interface, but then the traffic doesn't know where to go...

 

What am I doing wrong here?

 

Also, should the LAN interface on the HA IONs have the same IP addresses? I'm seeing conflicting documentation regarding this. 

2 REPLIES 2

L1 Bithead

What ION devices model do you have?

It will be better if you could share simple diagram for your scenario for better understanding.

LAN interfaces on both HA IONs should have the same IP addresses.

L1 Bithead

Firmware version here plays a very important role here. Palo SDWAN solution at 6.3.x level has simplified the design a bit. As suggested a simple diagram will yield a better discussion

  • 1348 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!