Focus

Prisma Access

Mobile Users: IP Address Allocation

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Configure the Prisma Access Service Infrastructure

Example: Public IP Address Scaling Examples (Mobile Users)

Mobile Users: IP Address Allocation

Learn about how Prisma Access allocated IP addresses for mobile user deployments.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama)	`Prisma Access` license

After you set up your Prisma Access deployment, it is useful to know when IP addresses change so that you can pro-actively plan your infrastructure, retrieve the IP addresses, and add the required IP addresses to allow lists accordingly. The IP address changes can be the result of changes you made (for example, adding another mobile users location) or changes that Prisma Access performs automatically (for example, a large number of mobile users accesses a single Prisma Access gateway).

After you deploy Prisma Access for users for the first time, Prisma Access assigns two public and, if applicable, egress IP addresses
for each portal and gateway. These IP addresses are unique, not shared, are dedicated to your Prisma Access deployment, and remain allocated to your tenant until the Prisma Access subscription expires and the grace period is over.

If you have a multitenant setup, Prisma Access adds dedicated IP addresses for each tenant.

Since the public IP address is the source IP address used by Prisma Access for requests made to an internet-based destination, you may need to know what the public IP address are and add them to an allow list in your network to provide your users access to resources such as SaaS applications or publicly-accessible partner applications.

New public IP addresses can be added to the tenant if the following events occur:

A large number of mobile users access a location in the same location.

To address the capacity requirement to service large number of users, Prisma Access may add one or more gateways, Prisma Access adds one or more gateways to accommodate the increased number of users, assigns one or more of the existing public IP addresses to the new gateway, and adds a new set of IP addresses to the mobile user locations to replace the ones that were used.

You add one or more locations to your deployment.

When you add more locations, Prisma Access adds another gateway and a new set of IP addresses for each new location you add.

Because Prisma Access enables more public IP addresses after a scaling event and after you add a location, you should add an IP change event notification URL, or use the API to retrieve mobile user addresses, to be notified of IP address changes in your Prisma Access infrastructure. You can then add any added or changed addresses to an allow list.

Configure the Prisma Access Service Infrastructure

Example: Public IP Address Scaling Examples (Mobile Users)

Prisma Access Docs

Mobile Users: IP Address Allocation

Prisma Access Docs

Mobile Users: IP Address Allocation

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner