Palo Alto Networks Prisma SD-WAN Device Recovery Process

Palo Alto Networks Prisma SD-WAN device requires users to perform a manual recovery process if the Virtual Network Function goes into an unrecoverable state. This topic provides the vendor-specific instructions for the recovery of the VNF.

Note: For the most up-to-date vendor documentation on the recovery steps, see Replace a Prisma SD-WAN ION Device.

High-Level Recovery Process

  1. Generate the ION Key and obtain the secret for the key from the Orchestrator.

  2. Follow the self-guided recovery process.

  3. Push the new configuration to your new device.

Generate ION Key and Secret

Generate the ION key and secret on your orchestrator. (See the Palo Alto documentation for detailed Instructions.)This key and secret are used in the Equinix Network Edge device detail to start RMA process.

  1. Sign in to the Prisma SD-WAN web interface.

  2. Select System Administration > License Management > [your device model]

  3. Click Create Token.

  4. Select Use Type > [Single Use or Multi Use]

  5. Obtain ION KEY and SECRET KEY from the table.

Self-Guided RMA Process

  1. Sign in to the Equinix Fabric portal.

  2. From theNetwork Edge menu, select Virtual Device Inventory.

  3. Use the filters to find the impacted PAN Prisma Virtual ION SD-WAN device. Make sure you select the correct replacement device from the previous section.

  4. Select the device and click the Tools tab in the Device Details.

  5. In the RMA Device card, click Create RMA Request.

  6. Enter the License Key and License Secret obtained in the RMA process in the PAN Prisma SD-WAN web interface.

  7. Click Submit RMA Request to confirm your request.

    Warning: This process can’t be canceled once the request is submitted.

The RMA Device card will indicate that your request is in progress.

The device status will indicate Provisioning. After the RMA process is done, the RMA Status changes to Completed with a timestamp. The Provisioning status changes to Provisioned. If any issues prevent the RMA process from completing successfully, the RMA Status will indicate to RMA Failed (displayed in red). If you see this failure status, open a customer support case.

To submit a support case, see Support.

Push Configuration to New Device

  1. Sign in to the PAN Prisma SD-WAN web interface.

  2. Select Manage > Setup > DevicesUnclaimed Devices.

  3. From the ellipsis menu, select Replace the Device.

  4. Select a replacement device.

    Note: There can be multiple replacement devices, so make sure you choose the correct one.

  5. Click Next to select a snapshot for the replacement device.

    Note: The replacement device must be online and claimed to apply the snapshot.

  6. After the snapshot is created, click Download Snapshot Before Continuing.

  7. Select Download to File or Copy to Clipboard as required.

  8. Click Next to continue after you have downloaded the snapshot. Click OK after confirming that the remaining device replacement steps are service affecting.

  9. Assign the replacement device to the site.

    The RMA Wizard will take the site information from the failed device and transfer it to the replacement device. When the replacement device is assigned to the site and the faulty device is unassigned, the service may be affected temporarily.

  10. Click Next to configure the service.

  11. Click Done when you have copied the manual configurations to complete the replacement process.

    Note: The RMA Replacement Wizard automatically transfers the configuration from the old device to the new device. There may be flags for the functions that need to be manually configured. Configurations that are not copied will be listed in a text box.

    The final screen displays when the device is successfully configured. If there are any warnings, download them before you exit the wizard.

  12. Click Done to complete the device replacement process.

For the most up-to-date vendor documentation about the recovery steps, see Replace a Prisma SD-WAN ION Device.