Context-Driven IP Address Manager for Mobile Users
Discover Context-Driven IP Address Manager for Mobile Users.
Where Can I Use This?
Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
Prisma Access version 6.2
GlobalProtect™ version 6.2.8-h9
Prisma Access Agent version 26.2.0.27
This is a Limited Availability release. To
activate this functionality, reach out to your Palo Alto Networks
account representative before activating the tenant.
In the global digital economy, export control compliance is a business imperative.
Regulatory frameworks such as the International Traffic in Arms Regulations (ITAR) and the Export Administration
Regulations (EAR) mandate strict oversight of how sensitive technology
and data are accessed, specifically tied to user location and nationality.
In modern cloud environments, an export occurs the moment controlled data is
electronically transmitted across a defined border. Because sensitive information often
resides in hybrid environments across multiple jurisdictions, organizations must align
access with both internal security policies and government mandates.
This creates two primary areas of continuous risk:
Geo-Location Policy Enforcement—Ensuring users only access data from
approved locations and that data residency remains compliant. This is critical
during international travel, where unauthorized access can inadvertently trigger
a regulatory violation.
Sanctioned Region Enforcement—Maintaining absolute access restrictions for
users connecting from sanctioned countries, regardless of their identity or
credentials.
Historically, organizations have managed these challenges through a fragmented mix of VPN
concentrators, firewalls, VRFs, and network access control lists (NACLs). This legacy
approach leads to operational complexity and inconsistent enforcement.
Prisma SASE provides a unified, policy-driven architecture that simplifies compliance
without compromising user experience. To help organizations meet evolving global
demands, the Prisma Access Context-Driven IP Address Manager allows administrators to
define granular policies that dynamically assign source IP addresses based on three
real-time data points:
User Geo-Location—The physical, real-time location of the user’s
device.
Prisma Access Location—The specific gateway (such as US-East,
Germany-Central) to which the user is connected.
User/Group Membership—The user’s authenticated identity and role.
Using the Prisma Access Context-Driven IP Address Manager, organizations can enforce the
strictest export control requirements while ensuring a seamless experience for the
modern, mobile workforce.
Configure a Context-Driven IP Pool
Configure a Context-Driven IP Pool for mobile users.
In Strata Cloud Manager, go to Configuration > NGFW and Prisma Access > Configuration Scope > GlobalProtect > Setup.
Select Infrastructure > Infrastructure Settings and select the gear icon.
From the Context-Aware Client IP Pool section, select
Add IP Pool for the context-driven IP addresses.
Create an IP Pool Profile. Under Match Criteria, select:
Locations—The user's Prisma Access gateway
locations. Click Any or
Select Theaters, Prisma Access Location
Groups, or Prisma Access
Locations.
Users—Identify the users. Click
Any or Select Users or User Groups.
User Geo-Location—The user's physical location.
Click Any or Select a
Predefined or Custom
geo-location.
Give the new IP pool an ID. Under IP Pools, enter an IP
address, and Save.
Verify your changes by going to GlobalProtect > Settings, viewing the Tunnel Statistics, and verifying the
Assigned IP Address(es).
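The verification step above checks one client at a time. The following added example (not Palo Alto Networks code) shows how the same check could be run offline over many sessions: it models each IP Pool Profile's three match criteria and flags any session whose assigned address comes from a pool that its context does not match. The record fields, pool IDs, groups, and addresses are constructed, and the rule that all three criteria must match is an assumption, not documented product behavior.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class PoolProfile:
    pool_id: str
    locations: Optional[frozenset]  # Prisma Access locations; None models "Any"
    users: Optional[frozenset]      # users or user groups; None models "Any"
    geos: Optional[frozenset]       # user geo-locations; None models "Any"
    cidrs: tuple                    # IP pools attached to the profile
    def matches(self, s):
        # Assumption: a profile applies only when all three criteria match.
        return ((self.locations is None or s["pa_location"] in self.locations)
                and (self.users is None or not self.users.isdisjoint(s["groups"]))
                and (self.geos is None or s["geo"] in self.geos))
    def contains(self, ip):
        return any(ip in ipaddress.ip_network(c) for c in self.cidrs)

def audit(session, profiles):
    """Classify one session's assigned IP against the configured profiles."""
    ip = ipaddress.ip_address(session["assigned_ip"])
    owners = [p for p in profiles if p.contains(ip)]
    if not owners:
        return ("unknown-pool", None)
    for p in owners:
        if p.matches(session):
            return ("ok", p.pool_id)
    # The address belongs to a pool whose criteria this session does not meet.
    return ("mismatch", owners[0].pool_id)

# Constructed sample data: pool IDs, groups, and addresses are illustrative.
PROFILES = [
    PoolProfile("itar-us", frozenset({"US-East"}), frozenset({"itar-engineers"}),
                frozenset({"US"}), ("10.50.0.0/24",)),
    PoolProfile("default", None, None, None, ("10.99.0.0/16",)),
]
SESSIONS = [
    {"user": "alice", "groups": ["itar-engineers"], "geo": "US",
     "pa_location": "US-East", "assigned_ip": "10.50.0.17"},
    {"user": "bob", "groups": ["contractors"], "geo": "DE",
     "pa_location": "Germany-Central", "assigned_ip": "10.50.0.44"},
    {"user": "carol", "groups": ["itar-engineers"], "geo": "FR",
     "pa_location": "US-East", "assigned_ip": "10.99.3.2"},
    {"user": "dave", "groups": ["contractors"], "geo": "US",
     "pa_location": "US-East", "assigned_ip": "192.0.2.9"},
]
if __name__ == "__main__":
    for s in SESSIONS:
        print(s["user"], s["assigned_ip"], *audit(s, PROFILES))
```

A "mismatch" result is the one to investigate first, because it means an address from a restricted pool was observed on a session outside that pool's match criteria.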