1. Manuals
  2. Brands
  3. PaloAlto Networks Manuals
  4. Firewall
  5. TECHDOCS ION 9000
  6. Hardware reference manual

Configure Peering Ports; Configure Internet Ports - PaloAlto Networks TECHDOCS ION 9000 Hardware Reference Manual

Hide thumbs
Table of Contents

Advertisement

Install the ION 9000
Connect the controller 1 port to a copper 1G ethernet port, similar to how client PC or Laptops
are connected to a corporate network. Ensure that you allow outbound internet access on port
443 to enable communicaon between the controller port and the Prisma SD-WAN controller
service.
Aer this port is connected and the ION 9000 powered on, the ION 9000 automacally connects
and registers with the Prisma SD-WAN controller. Aer the registraon, the ION 9000 is available
for claiming and configuraon in the Prisma SD-WAN console.
Configure Peering Ports
The Prisma SD-WAN ION 9000 uses the peering ports to communicate with WAN edge or core
or WAN distribuon routers via BGP. The routers may be connected using one physical port per
router or mulple routers can share a single port by using a shared Layer 2 VLAN.
The below figure shows the peering port topologies of an ION 9000.
Depending on the number, type and choice of routers and Layer 2 or Layer 3 configuraons, the
number of peering ports required may vary. However, any non-controller port may be used for a
peering port. These ports are set-up and idenfied at configuraon me.
To pre-cable the peering ports before configuraon:
1. Plan the type and the number of ION 9000 ports needed for peering configuraon.
2. Physically plug in the ports from the ION 9000 devices to the appropriate routers or switches.
3. Record the ION port numbers and connecng router or switch port informaon for future
reference.
Configure Internet Ports
The Prisma SD-WAN ION 9000 uses the internet ports to receive inbound VPN connecons from
the internet. Typically, ION 9000 devices use one internet port per data center and this port must
be able to receive traffic from the internet.
The internet port must specifically allow inbound UDP 4500 to the ION 9000 from remote ION
devices. If a firewall or NAT is used outside the ION 9000 on this port, UDP 4500 needs to be
port forwarded or passed-through from the firewall or NAT device.
To pre-cable the internet ports before configuraon:
1. Plan the type and the number of ION 9000 ports needed for VPN configuraon.
2. Physically plug in the ports from the ION 9000 devices to the appropriate devices.
ION 9000 Hardware Reference
28
2021 Palo Alto Networks, Inc.
©

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the TECHDOCS ION 9000 and is the answer not in the manual?

Related Manuals for PaloAlto Networks TECHDOCS ION 9000

Related Content for PaloAlto Networks TECHDOCS ION 9000

Table of Contents