About wprice

wprice · ‎02-12-2020

Hi Ram, Thanks for your query! Are you speaking to the Tunnel Monitoring config using Proxy ID on Page 74 and 75 of the Prisma Access Panorama Admin guide? https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-panorama-admin.pdf The context here is around the Tunnel monitoring a Service Connection. This will probe the IP's specified to be sure traffic is not black-holed to a site that has gone down. For the Proxy ID config of your tunnel monitor traffic, The local subnet is your Infrastructure subnet since either the SC or RN when onboarded in our cloud will pull from this pool. The remote will the on-prem remote site subnet, etc.. If you are not using proxy IDs for tunnel monitoring you can just specify an IP that can be reached (can route to that remote IP) and is allowed (security policy allowed). I hope this helps. Wade

wprice · ‎01-23-2020

This issue now should be resolved by using our ECMP for Remote Networks feature. This allows up to 4 IPSEC/BGP tunnels to RN endpoints. See the documentation below for ECMP and other 1.5 Cloud Services plugin features: https://live.paloaltonetworks.com/t5/Blogs/NEW-Prisma-Access-1-5-Updates/ba-p/298139

Date Registered	‎05-22-2019 03:45 PM
Date Last Visited	2 weeks ago
Total Messages Posted	2

Online Status	Offline
Date Last Visited	2 weeks ago

About wprice

Re: ProxyID for Prisma Access Tunnels

Re: Feature Request - Prisma Access secondary tunnel AWS

Re: ProxyID for Prisma Access Tunnels

Re: Feature Request - Prisma Access secondary tunnel AWS

Panorama Connectivity Issues to Prisma: OTP errors

Strata

Prisma

Cortex

About wprice

Re: ProxyID for Prisma Access Tunnels

Re: Feature Request - Prisma Access secondary tunnel AWS

Re: ProxyID for Prisma Access Tunnels

Re: Feature Request - Prisma Access secondary tunnel AWS

Panorama Connectivity Issues to Prisma: OTP errors