Focus

Prisma Access

Cloud Management

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Cloud Management

Learn how to enable the egress IP allowlists for existing cloud managed mobile users.

Enable Prisma Access to display the egress IP addresses for Prisma Access traffic. Use these IP addresses in the IP allow lists for your SaaS applications, where you’re restricting usage to authorized users or sources.

Go to

Manage

Service Setup

Mobile Users

If you're using Strata Cloud Manager, go to

Workflows

Prisma Access Setup

GlobalProtect

Infrastructure

and edit

Prisma Access Locations

settings.

Display the IP addresses for Prisma Access locations.

Enable
Egress IP Allowlist to display the IP addresses for onboarded Prisma Access locations.

Copy and add the allocated IP addresses to the allowlists of your SaaS applications.

Migrate
to confirm the IP addresses allocated for the onboarded locations in Prisma Access.

Retrieve the IP addresses for new onboarded location or during an auto-scaling event.

Select the Location
name to find the new egress IP addresses allocated to the location.

Add these IP addresses to the allowlists for your Saas applications before you confirm them in Prisma Access.

Push your changes to Prisma Access.

Statuses of Allocated Egress IP Addresses

The status column in the Egress IP Allowlists indicates if all the allocated IP addresses for the locations are provisioned for your deployment. Read on to learn about each status.

Provisioned
- You have added the egress IP addresses to the allowlists of your SaaS applications, confirmed the IP addresses in Prisma Access, and pushed your changes to make them fully provisioned.

Partially Provisioned
- You have added the first set of egress IP addresses, confirmed them in the Prisma Access, and pushed your changes. However, Prisma Access has added another set of IP addresses as part of an auto-scale event, and those IP addresses are not confirmed in Prisma Access.

Not Provisioned
- Prisma Access has allocated IP addresses for the location, and you have added the egress IP addresses to the allowlists of your SaaS applications and confirmed them in Prisma Access, but you have not yet onboarded this location.

Cannot be Provisioned
- You have onboarded this location, but have not yet confirmed in Prisma Access and pushed your changes.

The Egress IP Allowlists table also indicates the number of IP addresses that are confirmed and yet to be confirmed in Prisma Access. For example, 1/2 means, 1 out of 2 IP addresses allocated for the location is confirmed in Prisma Access.

Prisma Access Docs

Cloud Management

Prisma Access Docs

Cloud Management

Statuses of Allocated Egress IP Addresses

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner