Workflows: Prisma Access

Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
  • Prisma Access license
Before you can use Prisma Access to secure your remote networks and mobile users, you must configure an infrastructure subnet. Prisma Access uses the subnet to create the network backbone for communication between your branch networks, mobile users, and the Prisma Access security infrastructure, as well as with the HQ and data center networks you plan to connect to Prisma Access over service connections. If you use dynamic routing for your remote networks or service connections, you must also configure an RFC 6696-compliant BGP Private AS number.
Use the following recommendations and requirements when you add an infrastructure subnet for Prisma Access.
  • Use an RFC 1918-compliant subnet. While Prisma Access supports the use of non-RFC 1918-compliant (public) IP addresses, it's not recommended due to possible conflicts with the internet public IP address space.
  • Don't specify any subnets that overlap with 169.254.169.253, 169.254.169.254, and the 100.64.0.0/10 subnet range because Prisma Access reserves those IP addresses and subnets for its internal use. This subnetwork is an extension to your existing network and therefore can't overlap with any IP subnets that you use within your corporate network or with the IP address pools that you assign for Prisma Access for Users or Prisma Access for Networks. Because the service infrastructure requires a large number of IP addresses, you must designate a /24 subnetwork (for example, 172.16.55.0/24).
  • Enter an Infrastructure subnet that Prisma Access can use to enable communication between your remote network locations, mobile users, and the HQ or data centers that you plan on connecting to Prisma Access over service connections. Use an RFC 1918-compliant subnet for the infrastructure subnet.
See Prisma Access Setup for more information.
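The subnet rules above can be checked against your address plan before the value is entered. The following Python sketch is an added example, not Palo Alto Networks code; the function name `check_infra_subnet` and the sample inventory `IN_USE` are constructed for illustration.

```python
import ipaddress

# Addresses and ranges the page says Prisma Access reserves for internal use.
RESERVED = [ipaddress.ip_network(n) for n in
            ("169.254.169.253/32", "169.254.169.254/32", "100.64.0.0/10")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_infra_subnet(candidate, in_use):
    """Return findings for a candidate infrastructure subnet (empty list = ok).

    in_use maps a label to a CIDR: corporate subnets plus the IP pools
    assigned to mobile users and remote networks.
    """
    try:
        # strict=True rejects values with host bits set, e.g. 172.16.55.1/24
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"error: not a valid network address: {exc}"]
    if net.version != 4:
        return ["error: this check only covers IPv4 subnets"]
    findings = []
    if net.prefixlen != 24:
        findings.append(f"error: prefix is /{net.prefixlen}, a /24 is required")
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append("warning: not RFC 1918 space, may conflict with public IPs")
    for r in RESERVED:
        if net.overlaps(r):
            findings.append(f"error: overlaps reserved {r}")
    for label, cidr in in_use.items():
        other = ipaddress.ip_network(cidr, strict=False)
        if other.version == 4 and net.overlaps(other):
            findings.append(f"error: overlaps {label} ({other})")
    return findings


# Constructed sample inventory, not taken from any real deployment.
IN_USE = {
    "HQ LAN": "10.10.0.0/16",
    "mobile user pool": "172.16.48.0/20",
    "remote network branch": "192.168.20.0/24",
}

if __name__ == "__main__":
    for cand in ("172.16.55.0/24", "172.16.80.0/24", "100.64.10.0/24", "10.20.0.0/16"):
        print(cand, check_infra_subnet(cand, IN_USE) or "ok")
```

With this constructed inventory, the page's example value 172.16.55.0/24 is rejected because it falls inside the sample mobile user pool, which is the kind of overlap that is easy to miss by eye.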

Set up the DNS for Infrastructure

Prisma Access allows you to specify Domain Name System (DNS) servers to resolve both domains that are internal to your organization and external domains. Prisma Access proxies the DNS request based on the configuration of your DNS servers.
Setting up the infrastructure DNS will provide access to services on your corporate network, such as LDAP and DNS servers, especially if you plan to set up service connections to provide access to these types of resources at HQ or in data centers. DNS queries for domains in the Internal Domain List are sent to your local DNS servers to ensure that resources are available to Prisma Access remote network users and mobile users.
This will set up internal domain lists that apply to all traffic. If preferred, you can view the Admin Guide to see how to create internal domain lists that apply only to specific mobile user deployments or remote network sites.
The benefits of setting up DNS for the infrastructure are:
  • Enable Prisma Access to resolve your internal domains
  • Set up DNS to resolve both internal and external domains
  • Use a wildcard (*) before the domains in the domain list, for example, *.acme.local or *.acme.com
See DNS for Prisma Access for more information.
