Users Guide

293 | BranchController Config for Controllers Dell Networking W-Series ArubaOS 6.4.x| User Guide

The uplink VLAN manager is enabled by default on branch controller uplinks. Master or local (non-branch)

controllers using the PAN portal feature must enable the uplink VLAN manager using the uplink command in

the controller command-line interface.

Figure 44 Branch Controller and PAN Firewall Integration

Integration Workflow

The following steps describes the work flow to integrate a branch controller with a Palo Alto Networks (PAN)

Large-Scale VPN (LSVPN) firewall.

1. Palo Alto Portal certificates are installed on the master controller, and the master controller is configured

with the Palo Alto portal IP address or FQDN, Palo Alto certificate, and the username and password for

device authentication using the Configuration> Branch > Smart Config > WAN section of the master

controller WebUI.

2. The W-7000 Series branch controller is provisioned via the basic setup dialog.

3. The Palo Alto portal may be configured with the device number (a text string comprised of the device serial

number followed by its MAC address) of the branch controller(s) at each remote office site. This allows the

branch controller to bypass the username and password challenge to authenticate to the portal.

4. The branch controller initiates a secure connection to the Palo Alto portal. Once the branch controller is

authenticated, the Palo Alto portal sends the branch controller a list of PAN gateways and priority levels.

Once the branch controller is authenticated, that device appears in the PAN satellite list, as shown in the

figure below.