>
    How the GlobalProtect App Selects Prisma Access Locations for Mobile Users
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Mobile Users
    4. Mobile Users: GlobalProtect
    5. How the GlobalProtect App Selects Prisma Access Locations for Mobile Users
    Download PDF
    Prisma Access

    How the GlobalProtect App Selects Prisma Access Locations for Mobile Users

    Table of Contents

    How the GlobalProtect App Selects
    Prisma Access
     Locations for Mobile Users

    Learn how the GlobalProtect app selects a location when
    Prisma Access
     mobile users log on.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access
       license
    When a mobile user connects to a
    Prisma Access
     location, the app uses the following selection process to determine to which location it connects.
    You enable the mobile user locations where you want Prisma Access to be present during mobile user onboarding. If you do not select the location during onboarding,
    Prisma Access
     does not use it in your deployment.
    • If the mobile user connects in a country that has a Prisma Access location, the user connects to the location in that country.
    • If the mobile user cannot connect to an in-country location for any reason,
      Prisma Access
       selects from one of the following mobile user locations to connect the user based on region.
      • Asia, Australia & Japan
        : Hong Kong, Japan Central, or Japan South
      • Africa, Europe & Middle East
        : Netherlands Central
      • North America & South America
        : US Northwest
      Palo Alto Networks recommends that you enable at least one of these locations in their respective regions during mobile user onboarding to provide redundancy. If you have mobile users who connect to
      Prisma Access
       from a country that does not have a
      Prisma Access
       location, you must enable at least one of the fallback locations in the preceding list.
      The Hong Kong, Japan Central, Japan South, Netherlands Central, and US Northwest locations can accept client connections from anywhere and are known as
      global fallback locations
      . In addition to these locations, you can enable one or more of the following locations which also act as global fallback locations:
      • Bahrain
      • France North
      • Ireland
      • South Africa West
      • South Korea
    • Palo Alto Networks recommends that you enable locations in more than one compute location for redundancy purposes.
    • If you use on-premises gateways with
      Prisma Access
       locations, you can specify priorities in
      Prisma Access
       to let mobile users connect to either a specific on-premises GlobalProtect gateway or a
      Prisma Access
       location. See Manage Priorities for for details.
    • When mobile users connect, the GlobalProtect app does not use the following
      Prisma Access
       locations in the automatic gateway selection process, even if you selected the
      Prisma Access
       locations in the plugin during onboarding. However, mobile users can still manually select one of these locations and set it as a preferred location (gateway) as long as you allow them to manually select those locations during mobile user onboarding:
      • Australia: Australia East
      • Brazil: Brazil East and Brazil Central
      • France: France South
      • Germany: Germany North and Germany South
      • India: India South
      • Mexico: Mexico West
      • Netherlands: Netherlands South
      • Pakistan: Pakistan West
      • Russia: Russia Northwest
      • Spain: Spain East
      You might have to change your
      Connect Method
       to
      On-Demand
       for the mobile user to manually connect to a gateway.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.