Learn how to set up the Prisma Access infrastructure and create a service connection
to provide access to your internal data resources.
Where Can I Use This?
What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access (Managed by Panorama)
Prisma Access license
Use the following recommendations and requirements when adding an infrastructure
subnet:
You can assign Prisma Access an infrastructure subnet from an existing supernet
in your organization’s IP address pool, but do not assign any of the IP
addresses from the infrastructure subnet for any other use in your existing
network.
The following example shows a Prisma Access infrastructure subnet, 10.10.1.0/24,
that you assigned from an existing supernet, 10.0.0.0/8. After you assign
10.10.1.0/24 as the infrastructure subnet, your organization cannot use any IP
addresses from that subnet. For example, you can assign 10.10.2.1 to an
endpoint, but 10.10.1.1 is not allowed because that IP address is part of the
infrastructure subnet.
If you create a new subnet for the infrastructure subnet, use a subnet that does
not overlap with other IP addresses you use internally.
(Recommended) Use an RFC 1918-compliant subnet. While the use of non-RFC
1918-compliant (public) IP addresses is supported, we do not recommend it,
because of possible conflicts with internet public IP address space.
Do not specify any subnets that overlap with the following IP addresses and
subnets, because Prisma Access reserves those IP addresses and subnets for its
internal use.
169.254.0.0/16
100.64.0.0/10
The subnet cannot overlap with the IP address pools you plan to use for the
address pools you assign for your mobile users deployment.
Because the service infrastructure can be very large, you must designate a /24
subnet at a minimum.