Specify IP Address Pools for Mobile Users

You need to make sure that you have specified an IP address pool that allows enough coverage for the mobile users in your organization. We recommend having at least one IP address in your IP address pool for each unique mobile user in your organization so they can log in simultaneously. If your pool space is limited, however, you can specify a smaller address pool.
A warning message displays if you specify an IP address pool that is less than the total number of licensed mobile users. If you determine that your deployment will not have all mobile users log in concurrently, you can bypass this message and keep this configuration.
GlobalProtect cloud service checks your configuration to make sure that you have specified the following minimum IP address pool:
  • If you specify a Worldwide address pool, a minimum of /23 (512 IP addresses) is required if you have locations deployed in one or two regions. If you have locations in three regions, a minimum /22 (1,096) addresses is required.
    You can divide up your total subnets into smaller subnets; the minimum subnet you can specify is /23.
  • If you specify IP address pools per region, a minimum of 512 IP addresses (/23 address pool) is required for each region where you have locations deployed.
    If you do not onboard any GlobalProtect cloud service gateways in a region, an IP address pool for that region is not required. For example, if you specify gateways in US East (N. Virginia), US East (Ohio), and US West (N. California), you need to only specify an IP address pool for the Americas region.
  • If you specify a mix of Worldwide and regional pools, specify IP address pools to ensure that there are at least 512 IP addresses per region.
    For example, for a three-region deployment, you can specify 1,024 addresses in the Europe region and 512 addresses Worldwide.

Related Documentation