Focus

Prisma Access

IP Optimization for Mobile Users - GlobalProtect Deployments

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Retrieve the IP Addresses for Prisma Access

API Examples for Retrieving Prisma Access IP Addresses

IP Optimization for Mobile Users - GlobalProtect Deployments

IP Optimization provides a simpler, deterministic public IP address allow-listing experience, improved resiliency, and faster onboarding of Prisma Access tenants.

Where Can I Use This?	What Do I Need?
`Prisma Access (Managed by Panorama)` Prisma Access (Managed by Strata Cloud Manager)	`Prisma Access` license Prisma Access version 5.0 or later

IP Optimization is a set of architectural enhancements that reduce the overall number of IP addresses in your deployment, simplifying your allow-listing workflows while improving resiliency and enabling faster onboarding of Prisma Access tenants.

Simpler Public IP Address allow-listing
–Adding a Prisma Access location or experiencing a scaling event at an existing Prisma Access location could lead to new IP addresses being allocated to the mobile user security processing node (MU-SPN). It's a best practice to retrieve the new egress and gateway IP addresses that Prisma Access assigns and add them to an allow list in your network to avoid SaaS application or corporate firewall disruption. This can result in a situation where you're managing a large number of IP addresses. IP Optimization reduces the number of IP addresses you have to manage.

Faster Onboarding of Prisma Access Tenants
–Without IP Optimization, you’d need to assign unique private IP addresses to each device across Prisma Access and your private networks, requiring you to allocate large IP blocks from your limited corporate routable IP address space. IP Optimization lets Prisma Access allocate addresses from shared address space by default and NAT private application traffic.

IP Optimization requires Prisma Access 5.0 or later, and can be enabled when you set up GlobalProtect for the first time.

When you set up GlobalProtect for the first time, you’ll be asked whether or not you want to enable Prisma Access IP Optimization. Choosing to enable IP Optimization requires your mobile users to be on GlobalProtect client version 6.1.4.

IP optimization currently supports only IPv4 traffic.

The API to retrieve Prisma Access IP addresses continues to work as it always has, even with IP Optimization enabled.

Retrieve the IP Addresses for Prisma Access

API Examples for Retrieving Prisma Access IP Addresses

Prisma Access Docs

IP Optimization for Mobile Users - GlobalProtect Deployments

Prisma Access Docs

IP Optimization for Mobile Users - GlobalProtect Deployments

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner