Skip to main content

 

Cisco Meraki Documentation

Prisma Access Integration Overview

The document provides an overview of integrating Prisma Access with Meraki MX devices, enabling seamless integration of Prisma Access security services with Meraki networks, enhancing security posture and simplifying management through centralized policy enforcement and threat prevention capabilities.

Prisma Access Integration Overview 

Palo Alto Prima Access offers a security stack solution from the cloud for internet and SaaS connections. Prisma acts as a secure web gateway where 0.0.0.0/0 traffic will be routed for inspection and enforcement prior to internet termination.  

This document describes how to configure Prisma Access IPsec peering with the Meraki MX Security Appliance (MX/Z platforms).

Prerequisites Edit section 

  • Prisma Access account 

  • Meraki MX/Z device (running MX17+ firmware)

  • Meraki MX/Z Site-to-site VPN enabled
     

Integration with Prisma Access can be done from the Prisma Access Dashboard or from the Meraki Dashboard. See links to Prisma Access documentation.
Prisma Access Integration
Prisma Access manual Integration

Prisma Access Configuration 

  1. Go to sase.paloaltonetworks.com and login

  2. Allocate bandwidth to the required Compute locations.
    Navigate to Manage > Service Setup > Remote Networks and click on Bandwidth Management tab.

    Below we have allocated 100Mbps to different compute locations

     

  3. Onboard your Remote Network by Navigating to Manage > Service Setup > Remote Networks


     
  4. Click “Add Remote Networks” at the top right corner
     
  5. Configure General information - Select Compute point closest to your location. Below we have selected US Southeast for our Atlanta Branch Office
     
  6. Setup Primary Tunnel

    Under Tunnel, Click on Set Up.
     
  7. Update Tunnel NameShared secret and Address of the branch network (Static or dynamic). If the branch device does not have a dedicated IP, you can use the dynamic option with FQDN of the branch as configured below.

8. IKE and IPsec settings can be configured by clicking on IKE Advanced Options & IPsec Advanced options
 

  • IKE Advanced Options > “Create New” and save configuration once parameters have been set.

Below we created a new IKE setting for our Atlanta Office

  • IPsec Advanced options  > “Create New” and save configuration once parameters have been set.

Below we created a new IPsec setting for our Atlanta Office


9. Once both IKE and IPsec settings have been configured and saved, you need to save configurations on the bottom right of the General page seen below.