PaloAlto Networks Prisma SD-WAN ION 9000, Справочник по аппаратуре

Страница: 31 / 34

ION 9000 HARDWARE REFERENCE | Install the ION 9000
31
©
2021 Palo Alto Networks, Inc.
Connect the controller 1 port to a copper 1G ethernet port, similar to how client PC or Laptops are
connected to a corporate network. Ensure that you allow outbound internet access on port 443 to enable
communication between the controller port and the Prisma SD-WAN controller service.
After this port is connected and the ION 9000 powered on, the ION 9000 automatically connects and
registers with the Prisma SD-WAN controller. After the registration, the ION 9000 is available for claiming
and configuration in the Prisma SD-WAN console.
Configure Peering Ports
The Prisma SD-WAN ION 9000 uses the peering ports to communicate with WAN edge or core or WAN
distribution routers via BGP. The routers may be connected using one physical port per router or multiple
routers can share a single port by using a shared Layer 2 VLAN.
The below figure shows the peering port topologies of an ION 9000.
Depending on the number, type and choice of routers and Layer 2 or Layer 3 configurations, the number of
peering ports required may vary. However, any non-controller port may be used for a peering port. These
ports are set-up and identified at configuration time.
To pre-cable the peering ports before configuration:
1. Plan the type and the number of ION 9000 ports needed for peering configuration.
2. Physically plug in the ports from the ION 9000 devices to the appropriate routers or switches.
3. Record the ION port numbers and connecting router or switch port information for future reference.
Configure Internet Ports
The Prisma SD-WAN ION 9000 uses the internet ports to receive inbound VPN connections from the
internet. Typically, ION 9000 devices use one internet port per data center and this port must be able to
receive traffic from the internet.
The internet port must specifically allow inbound UDP 4500 to the ION 9000 from remote ION devices.
If a firewall or NAT is used outside the ION 9000 on this port, UDP 4500 needs to be port forwarded or
passed-through from the firewall or NAT device.
To pre-cable the internet ports before configuration:
1. Plan the type and the number of ION 9000 ports needed for VPN configuration.
2. Physically plug in the ports from the ION 9000 devices to the appropriate devices.
3. Record the ION port numbers and connecting device port information for future reference.