To activate this functionality, reach out to your Palo Alto
Networks account representative.
IP capacity planning streamlines the Prisma Access tenant onboarding process by
automating and simplifying egress IP address capacity planning for Mobile
Users—GlobalProtect deployments. You can quickly allocate egress IP addresses for
your mobile users based on the location and number of mobile users, significantly
reducing the time it takes to allow list the public IP addresses in your network.
You can use the workflow to add locations individually or through bulk upload,
visualizing your global deployment on an interactive map, and automatically
suggesting optimal Prisma® Access locations based on your input. You can easily
review and adjust these recommendations, ensuring that your deployment aligns with
your specific needs.
Prisma Access allocates two egress IP addresses for every 5,000 users; if you add
more users, Prisma Access adds more IP addresses. You can then add these IP
addresses to your organization's allow lists.
The IP address capacity planner also offers a comprehensive view of your egress IP
address allocations and user distributions, enabling you to make informed decisions
about your network resources. By using this feature, you can expedite your Prisma
Access deployment, and ensure a smooth end-user experience. The automated process
lets you optimize your deployment and make it easier to scale your network as your
needs evolve. This feature is valuable if you have a large, geographically diverse
user base or need to frequently adjust your network capacity to meet changing
demands.
This functionality is supported for new Prisma Access Mobile Users—GlobalProtect
deployments and existing Prisma Access deployments that have not yet started the
process to onboard GlobalProtect mobile users.
IPv6 is not supported.
Before you start to allocate IP addresses, make sure that you have a comprehensive
list of cities and estimated user counts before beginning the process.
IP capacity planning requires that IP
Optimization be enabled.
Go to
ConfigurationNGFW and Prisma AccessConfiguration ScopePrisma AccessMobile Users.
Click the gear in Egress IP Planning.
Add the information and enter the city closest to the mobile users and
the number of users.
Prisma Access populates the zip code and displays the city on a map.
Alternatively, you can enter cities and users with a CSV Bulk
Update using a .csv file. To do this, Download
CSV Template File, and enter this information in the ZIP
file with the information delineated with commas:
The two-letter country code.
Prisma Access uses the ISO 3166-1
standard for the country code.
The city's ZIP code.
Prisma Access uses the ZIP code standard
based on the country in which the city resides.
The number of users.
Here's an example of a correctly formatted .csv file:
When complete, drag and drop the file, or Browse File
and select it on your computer.
Prisma Access shows that the locations are successfully added.
Perform the Mapping to Prisma Access Location.
Prisma Access provides you with the recommended Prisma Access
locations to use for each location you specified.
(Optional) If you want to change the default Prisma Access
Location, select another location.
Go to the Final Confirmation.
Confirm the Prisma Access locations and the number of users.
Allocate Egress IPs.
Make a note of the Egress IP addresses, or Copy Egress
IPs, and add these IP addresses to your organization's allow
lists.
Prisma Access does not always have a one-to-one
mapping from the cities and users you specify to the IP addresses. For
example, if you specify 250 users in Portland, Oregon and 250 users in
Gresham, Oregon, Prisma Access can assign a location of US Northwest and
use the same egress IP address for those combined locations.
(Optional) If you need to make changes, Edit Egress IP
Planning and change the locations as needed.
