Loopback IP Address Allocation (Mobile Users)
Focus
Focus
Prisma Access

Loopback IP Address Allocation (Mobile Users)

Table of Contents

Loopback IP Address Allocation (Mobile Users)

Learn about when loopback IP addresses can change for mobile user deployments.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
Loopback addresses are IP addresses used by Prisma Access for requests made to an internal source and are assigned from the infrastructure subnet. Loopback IP addresses can change for mobile users during an infrastructure or dataplane upgrade.
Loopback IP addresses do not change for service connections or remote network connections during an infrastructure or dataplane upgrade; only mobile user loopback IP addresses can change.
Prisma Access allocates the loopback IP addresses from the infrastructure subnet that you specify when you enable the Prisma Access infrastructure. You can add the entire infrastructure subnet to an allow list and avoid planning for mobile user loopback IP changes during an infrastructure or dataplane upgrade. To find the infrastructure subnet, select:
  • Prisma Access (Managed by Strata Cloud Manager): WorkflowsPrisma Access SetupPrisma AccessInfrastructure Settings and view the Infrastructure Subnet
  • Prisma Access (Managed by Panorama): PanoramaCloud ServicesStatusNetwork DetailsService Infrastructure and view the Infrastructure Subnet
Retrieve these addresses using the API used to retrieve public IP and loopback IP addresses.
The following example shows a Prisma Access deployment that has an infrastructure subnet of 172.16.0.0/16. Prisma Access has assigned loopback IP addresses 172.16.0.1 and 172.16.0.3 for mobile users from the infrastructure subnet.
After in infrastructure or dataplane upgrade (for example, to prepare for a new release of the Cloud Services plugin), Prisma Access assigns two different IP addresses for mobile users from the infrastructure subnet (172.16.0.1 is changed to 172.16.0.2 and 172.16.0.3 is changed to 172.16.0.4).