During the Zero Touch Provisioning (ZTP) process of a new ION device at a branch site, which interface ports are supported by default to request an IP address via DHCP and reach the Prisma SD-WAN controller for claiming?
A.
Only the dedicated Controller port (if available)
B.
Any LAN or WAN port on the device
C.
The dedicated Controller port, or Port 1 / Internet 1 if a dedicated port is absent
For a successful Zero Touch Provisioning (ZTP) experience, the ION device must be able to obtain an IP address and reach the internet immediately upon boot-up.
According to Palo Alto Networks hardware guides, the Controller Port (often labeled specifically as "CONTROLLER" on models like the ION 3000/7000/9000) is pre-configured to act as a DHCP client by default. It is the preferred interface for the initial "call home" process.
However, for smaller desktop models (like the ION 1000/2000/1200 series) or scenarios where a dedicated management network is not available, the device firmware is also configured to attempt DHCP client requests on Port 1 (often labeled as Internet 1 or simply 1).
Connecting the ISP circuit to any random port (like Port 4 or a LAN port) will not work for ZTP because those interfaces are not pre-configured as DHCP clients in the factory default state. Therefore, the installer must ensure the internet uplink is connected to either the dedicated Controller port or Port 1/Internet 1 to ensure the device can resolve the controller FQDN and download its configuration.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit