Prisma Access
Add Tenants to Prisma Access
Table of Contents
Add Tenants to Prisma Access
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
After you migrate the existing information as
a first tenant, you can create and configure additional tenants.
For each tenant you create after the first, Prisma Access creates
a separate access domain with its own set of template stacks and templates
and its own domain groups.
Use this workflow to add more tenants
to Prisma Access.
If you are creating an all-new multitenant
deployment, use this workflow to add the first tenant, as well as
additional tenants. See Create an All-New Multitenant Deployment for more
information.
- Log in to Panorama as a superuser.
- Add and configure the tenant.
- Select , then Add a new tenant.Be sure that you select Remote Networks/Mobile Users; to create and configure a Clean Pipe deployment, see Prisma Access for Clean Pipe.
- Specify a descriptive Name for the tenant.
- Add a new Access Domain, give it a descriptive Name, and click OK to return to the Tenants window.After you click OK, Prisma Access automatically creates templates, template stacks, and device groups and associates them to the access domain you create.
- Specify the amount of Bandwidth (Mbps) to allocate for the Remote Networks and the number of Users to allocate for the Mobile Users.
- (Deployments with Autonomous DEM Only) If you have purchased an license, select the number of units to allocate for ADEM.
- Click OK to create the first tenant.
- Make sure that Prisma Access applied the template stack, template, and device group service settings to the service connection settings of the tenant you just created.
- Select the tenant you created from the Tenant drop-down.
- Select .
- Click the gear icon to the right of the Settings area to edit the settings.
- Make sure that Prisma Access has associated the template stack (sc-stk-tenant), template (sc-tpl-tenant), and device group (sc-dg-tenant) to your service connection settings.
- Make sure that the Parent Device Group is set to Shared and click OK.
- Make sure that Prisma Access applied the template stack, template, and device group to the remote network settings.
- Select and click the gear icon to the right of the Settings area to edit the settings.
- Make sure that the Prisma Access has associated the template stack (rn-stk-tenant), template (rn-tpl-tenant), and device group (rn-dg-tenant) to your remote network settings.
- Make sure that the Parent Device Group is set to Shared and click OK.
- Make sure that Prisma Access applied the template stack, template, and device group to the mobile user settings.
- Select and click the gear icon to the right of the Settings area to edit the settings.
- Make sure that the Prisma Access has associated the template stack (mu-stk-tenant), template (mu-tpl-tenant), and device group (mu-dg-tenant) to your remote network settings.
- Make sure that the Parent Device Group is set to Shared and click OK.
- Commit your changes locally to Panorama (.
- (Mobile User deployments only)—Add an infrastructure subnet, then commit and push your changes to make them active in Prisma Access.These steps are required for the mobile user changes to take effect.
- Select , click the gear icon to edit the Settings, and configure an infrastructure subnet.
- Select , Edit Selections in the Push Scope, and make sure that Mobile Users is selected.
- Click OK to save your changes to the Push Scope.
- Commit and Push your changes.
- Select the new tenant you created by selecting and continue the configuration of your tenant.
- Onboard and Configure Remote Networks if you are licensed for remote networks.
- Set Up Global Protect for if you are licensed for remote users.
