Configuring the service connection
In Templates > Network > Network Profiles > IKE Gateways, first switch the template to Service_Conn_Template, which will ensure the IPSec tunnel is created in the service connection part of the Prisma infrastructure. As we learned in Chapter 2, Configuring Advanced GlobalProtect Features, the IKE gateway is configured based on local and remote parameters.
Important note
The IPSec tunnel configuration is created as a service on the Prisma Access service infrastructure, so the physical firewall connecting to Prisma Access will need its own configuration.
The Prisma Access side interface will receive a static IP address, while the remote service connection can be either a static or a dynamic host. In the following screenshot, my service connection is hosted on a dynamic ISP, so Peer IP Address Type is set to Dynamic; it is also behind a NAT device, and Local Identification and Remote Identification have been set to accommodate this. Follow...