Increased Location Support for Mobile
Users, Remote Networks, and Service Connections | To better accommodate worldwide deployments and
provide best-of-breed local coverage, you can now choose from more
than 100 locations in 76 countries when you onboard your mobile
users, remote network connections, and service connections. Be
aware of the following changes and requirements as a result of the
added locations: When you first install the plugin,
log out and then log back in to Panorama to see the new locations. For existing customers, Prisma Access retains all existing
locations in addition to adding support for the new locations; however,
existing location names have changed. In addition, if you allow
your mobile users to manually select gateways from the GlobalProtect
app, the gateway names that mobile users see from the app have changed. For mobile user deployments, if you currently add Prisma
Access public IP addresses to an allow list, you must allow the
addresses that Prisma Access assigns for any new locations that
you add. To ensure that mobile users do not lose access to SaaS
or public applications after you add more locations, Prisma Access
pre-reserves unique addresses for each location, and you can run
an API script and add the pre-reserved addresses to an allow list
before you add new mobile user locations. For mobile user deployments, there is a minimum number of
IP addresses that are required for each region where you deploy
the locations. When you configure mobile user deployments in Panorama,
the UI validates the minimum IP address pool and prompts you if
changes are required. This validation is not available if you configure
locations using CLI. If you deploy all locations using CLI, we recommend
that you add a /18 address in the Worldwide pool for mobile users.
|