Prisma Access Administration
  • Prisma Access Administration
  • Prisma Access Documentation
  • All Documentation
>
Allow Listing GlobalProtect Mobile Users (Strata Cloud Manager)
Focus
Download PDF
Focus
  1. Home
  2. Prisma Access
  3. Prisma Access Administration
  4. Prisma Access Mobile Users
  5. Mobile Users: GlobalProtect
  6. Allow Listing GlobalProtect Mobile Users
  7. Allow Listing GlobalProtect Mobile Users (Strata Cloud Manager)
Download PDF
Prisma Access

Allow Listing GlobalProtect Mobile Users (Strata Cloud Manager)

Table of Contents
Learn how to find the IP addresses that you need to add to your network's allow lists.
Enable Prisma Access to display the egress IP addresses for Prisma Access traffic. Use these IP addresses in the IP allow lists for your SaaS applications, where you’re restricting usage to authorized users or sources.
  1. Go toWorkflowsPrisma Access SetupGlobalProtectInfrastructure and edit Prisma Access Locations settings.
  2. Display the IP addresses for Prisma Access locations.
    1. Enable Egress IP Allowlist to display the IP addresses for onboarded Prisma Access locations.
    2. Copy and add the allocated IP addresses to the allowlists of your SaaS applications.
    3. Migrate to confirm the IP addresses allocated for the onboarded locations in Prisma Access.
  3. Retrieve the IP addresses for a newly-onboarded location or during an auto-scaling event.
    1. Select the Location name to find the new egress IP addresses allocated to the location.
    2. Select Confirmed adding to my IP Allowlist to add these IP addresses to the allow lists for your SaaS applications before you confirm them in Prisma Access.
      If you have IPv6 addresses, select Confirmed adding to my IPv6 Allowlist.
  4. Push your changes to Prisma Access.

Statuses of Allocated Egress IP Addresses

The status column in the Egress IP Allowlists indicates if all the allocated IP addresses for the locations are provisioned for your deployment. Read on to learn about each status.
  • Provisioned—You have added the egress IP addresses to the allowlists of your SaaS applications, confirmed the IP addresses in Prisma Access, and pushed your changes to fully provision them.
  • Partially Provisioned—You have added the first set of egress IP addresses, confirmed them in the Prisma Access, and pushed your changes. However, Prisma Access has added another set of IP addresses as part of an autoscale event, and those IP addresses are not yet confirmed in Prisma Access.
  • Not ProvisionedPrisma Access has allocated IP addresses for the location, and you have added the egress IP addresses to the allow lists of your SaaS applications and confirmed them in Prisma Access, but you have not yet onboarded this location.
  • Cannot be Provisioned—You have onboarded this location, but have not yet confirmed in Prisma Access and pushed your changes.
The Egress IP Allowlists table also indicates the number of IP addresses that are confirmed and not yet confirmed in Prisma Access. For example, 1/2 means, 1 out of 2 IP addresses allocated for the location are confirmed in Prisma Access.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.