Before you can use Prisma Access to secure your remote networks and mobile users, configure an infrastructure subnet. Prisma Access uses IP addresses within this subnet to establish a network between your remote network locations, mobile users, headquarters and data center (if applicable). Prisma Access also uses service connections to access internal resources from your headquarters or data center location.

This sub-network will be an extension to your existing network. Hence, it should not overlap with any existing IP subnets in your network. The following example shows a 172.16.55.0/23 subnet that is being used for the Prisma Access infrastructure subnet.

For small networks with less than 50 sites and 2500 mobile users, consider a /24 subnet. For medium sized networks with less than 100 sites and less then 5000 mobile users, consider a /23 subnet. In most cases a /23 subnet is sufficient. If there are more than 100 sites or 5000 mobile users or expected future growth, contact Palo Alto Networks to evaluate whether you need a larger subnet size.

Learn how to set up Prisma Access.