How to Deploy Silver Peak Integrated Orchestration with Palo Alto Prisma Access Cloud Security

Many Silver Peak SD-WAN customers have adopted Palo Alto Prisma Access cloud-delivered security labors. You might be wondering how you can make Silver Peak and Palo Alto work unitedly to take gain of secure local Internet breakout from your member or distants sites to maintain both the accomplishment and security of your business applications.

The Silver Peak Unity EdgeConnect™ SD-WAN edge platform integration with Palo Alto Networks Prisma Access cloud-delivered security empowers enterprises to shift to a secure approach labor edge SASE solution. The articulation solution can be deployed via two different integration orders_ both centrally managed within the Silver Peak Unity Orchestrator™ treatment relieve. I will use the relation of the red or blue pill from the movie The Matrix: “Do you want the red pill or the blue pill?” The choice is yours_ whichever will work_ but each is meant to empower a different type of deployment. In this blog_ I will debate both integration orders_ how they work and when to select each discretion.  Ill also prepare a link to a technical video that demonstrates both deployment orders.

Silver Peak recently published a detailed lead that draws how to labor chain EdgeConnect to a Palo Alto firewall_ and Palo Alto Networks has also published a correspondent Silver Peak SD-WAN Solution Guide that documents how to conaspect pass-through tunnels from the Orchestrator relieve. Both leads draw the red pill – the leading order. The blue pill – or second order – is to use a YAML file with the Orchestrator pre-shape juggler. The second order is not yet covered in the shape lead_ so I will draw it here and prepare a link to a video demonstration.  

When adopting SaaS applications such as Office365_ Salesforce_ Box_ Atlassian and others_ its significant that users connect straightly to the nearest point of nearness for the SaaS preparer. This delivers the highest condition of experience to application users. Its also significant to fix the application commerce directed to the internet from the member locations is secure. To accomplish this_ youll need to reply two questions.

Both questions are significant_ and if we do not conaspect policies correctly_ users will experience sub-optimal application accomplishment and condition of experience. Why? owing if commerce traverses a longer way to extend the SaaS point of nearness application response will be slow and less answering to the end user. With transmitted wayr-centric networks_ application accomplishment suffers when commerce is backhauled to the data center firewall for security inspection preceding to being directed to the open cloud_ commonly referred to as the trombone effect. This added delay negatively impacts accomplishment and the condition of experience for the end user.  And an incorrect security plan can expose the enterprise to security bextend.

Silver Peak<_little><_aspect>

The integration of the Silver Peak EdgeConnect platform with the Palo Alto Prisma Access cloud-delivered security labor empowers secure local internet breakout from member or distant locations and eliminates the need to backhaul cloud-destined commerce to the data center. An entreaty of Palo Alto Prisma Access located as close to the user as practicable inspects and secures application commerce precedently forwarding it on to the SaaS preparer.

With Silver Peak_ enterprises can automatically steer commerce in accordance with security plan and business intent. A specimen security plan might look something like this: To get started_ we leading must conaspect Prisma Access. Using Palo Alto Panorama_ we will conaspect the distant networks which can be accomplished following these instructions: Conaspect Prisma Access for Networks.  The workflow will push the plan shape to the cloud labor and automatically onboard each distant site onto the network. Once the plan is applied commerce will be sent from the distant sites through the first and subordinate IPsec tunnels formd to Prisma Access. Next_ we conaspect the distant network between the Silver Peak SD-WAN and Prisma Access by configuring the distant network tunnels. From Orchestrator_ we conaspect the passthrough tunnels from the “Tunnels” shape menu to the Palo Alto Prisma cloud security labor.

Silver Peak<_little><_aspect>

Going back to The Matrix relation_ the red pill is a one site shape_ and deployment is straightforward using measure network administration practices. This order empowers network administrators to be selective with the shape. It can also be employed to form sole shapes for specific locations as desired. This is advantageous for little numbers of locations that must be brought online_ but do not demand natural firewall hardware and are to be secured by a cloud-delivered security labor.

Silver Peak<_little><_aspect>

Figure 3. Tunnel Passthrough shape settings

The second order – the blue pill – is for big deployments from 100s to 1000s of sites. The order employs a pre-shape file using the Silver Peak deployment Configuration Wizard. In a substance of minutes_ a pair of secure IPsec tunnels to Prisma Access enforcement points are formd using a pre-conaspectd YAML file. The blue pill delivers an automated shape_ enabling the seamless shape of Prisma Access cloud-delivered security labors. By using the pre-shape files_ dozens or thousands of sites can be quickly and consistently conaspectd. The order is commonly used for big layer deployments where many of sites will all be conaspectd identically. Instead of configuring one site at a time as drawd in the antecedent “red pill” order_ IT can quickly engender a pre-shape file and deploy it with a few mouse clicks to hundreds or thousands of sites. If there is demandment for separate different security plan profiles_ it is also practicable to form separate pre-shape files with different settings for each and deploy them selectively to member locations.

Silver Peak<_little><_aspect>

Figure 4. Sample Pre-Configuration file to connect to our Primary West Prisma cloud security

So_ which pill is best for your solution? You cant go unfit with whichever one. By selecting the right SD-WAN platform_ you can accomplish the full transformational promise of the cloud_ cloud-delivered security and SD-WAN.

The Silver Peak integration with Palo Alto Prisma Access simplifies the deployment process for a present cloud-delivered security labor_ significantly reducing the time and resources demandd to conaspect the tunnels. To acquire more_ wait the video how EdgeConnect SD-WAN integrates with the Palo Alto Prisma Access cloud security labor using whichever shape order.

For the third orderly year_ Silver Peak has been recognized as a Leader in the 2020 Gartner Magic Quadrant for WAN Edge Infrastructure. Get the full report.<_powerful>