How to claim a Prisma SD-WAN Device?
Created On 10/28/20 19:38 PM - Last Modified 10/06/23 15:31 PM
Question
How to claim a Prisma SD-WAN Device?
Environment
Prisma SD-WAN
Answer
An ION device cannot download configurations from the controller or talk to other SD-WAN devices until the user claims the device.
When the ION device is claimed, a Customer Installed Certificate (CIC) is installed in the ION device.
Once the CIC is installed and the device is assigned to a site, the controller can push configuration to the device over a bi-directionally authenticated SSL connection.
The following are the steps for claiming a device:
- Connect a controller port (or internet port) to a network that is enabled for DHCP. You can also use the device toolkit to manually configure the IP for static IP addressing.
- After internet connectivity is established, the CloudGenix controller validates the ION device MIC, which is stored in the TPM.
- Within the CloudGenix portal, the device is displayed as being in an online-unclaimed state.
- When the administrator claims the ION, another certificate, signed by the customer tenant CA, is installed on the device. This is the Customer Installed Certificate (CIC).
- The ION reconnects to the controller using the CIC, which then permits it to be fully configured and interact with the rest of the customer's network.
- The device can then be assigned to a site for further configuration.
Additional Information
For more information: https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-admin/prisma-sd-wan-sites-and-devices/set-up-devices/claim-the-ion