Enable ZTNA Connector

Learn how to configure a ZTNA Connector in Prisma Access.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
What Do I Need?
  • Prisma Access 4.0
    Prisma Access 5.0 supports wildcards and IP subnet-based app targets.
    Prisma Access 5.0.1 supports associating multiple connector groups with FQDN Targets and Wildcard Targets and introduces proximity-based application routing.
  • ZTNA Connector add-on license
    The Business license with the add-on license includes eight ZTNA Connectors, 100 FQDN, and four IP subnet functionality.
    The Business Premium license with the add-on license includes 40 ZTNA Connectors, 300 FQDN, and unlimited IP subnet functionality.
    The Advanced license with the add-on license has unlimited ZTNA Connectors, FQDN, and IP subnet functionality.
  • If you don't purchase the ZTNA Connector add-on license, Prisma Access licenses include 20 apps, two connectors, and four IP subnets. This functionality is provided for the purpose of trying out ZTNA Connectors in your environment.
Before you can set up ZTNA Connector, you must enable it within Prisma Access. Before you enable ZTNA Connector, do the following:
  • Identify your Application IP and Connector IP address blocks. You must reserve a separate address pool for Prisma Access to use internally to route traffic to the connectors and private applications you'll be onboarding. Prisma Access resolves the FQDNs of the applications you onboard to ZTNA Connector to the IP addresses in the Application IP address block. Similarly, Prisma Access uses the Connector IP address block to route traffic from the remote network or mobile user to the appropriate ZTNA Connector.
    You should reserve at least a /16 subnet for the address pool. Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.

Cloud Management

Use the following workflow to enable ZTNA Connector in Cloud Managed Prisma Access.
  1. Configure the IP address blocks that Prisma Access will use internally to route traffic to the ZTNA Connector and the private apps you onboard.
    You must define separate IP address blocks for your connectors and your applications. The blocks cannot overlap with each other, with the Prisma Access infrastructure subnet, or with your GlobalProtect IP address pool.
    • Select Settings > Prisma Access Setup > Shared and Edit the Infrastructure Settings.
      If you're using Strata Cloud Manager, go to Workflows > Prisma Access Setup > Prisma Access > Infrastructure Settings.
    • Add ZTNA Connectors Application IP Blocks.
      You can add a single Application IP Block, or multiple blocks depending on your deployment. For example, enter 100.64.10.0/24 and 100.64.11.0/24. You can also Advertise Application IP blocks to Remote Networks to provide remote network access.
      Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.
    • Add ZTNA Connectors Connector IP Blocks that Prisma Access will use internally to route traffic between mobile users, remote networks and the connector VMs in your data centers.
      You can add a single Connector IP Block, or multiple blocks depending on your deployment. For example, enter 100.65.10.0/24 and 100.65.11.0/24.
    • Click Save to save the IP address block configuration and then Commit and push the configuration.
  2. Launch ZTNA Connector from the Prisma SASE Platform.
    • Log in to Prisma SASE Platform.
    • Select Settings > ZTNA Connector.
      If you're using Strata Cloud Manager, go to Workflows > ZTNA Connector.
    • If you haven't done so already, Enable ZTNA Connector.
    • Prisma Access begins setting up the infrastructure for the ZTNA Connector. This may take a few minutes.
    • When onboarding finishes, the ZTNA Connector Overview displays.
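
The address-block rules above (RFC 1918 or RFC 6598 only, no overlap between Application and Connector IP blocks, the infrastructure subnet, or the GlobalProtect pool) can be checked before you commit. The following is an added example, not Palo Alto Networks code; the function names and the reserved ranges in the sample are assumptions made for illustration.

```python
import ipaddress

# Ranges the page allows for ZTNA Connector blocks (IPv4 only).
ALLOWED = {
    "RFC 1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598": ("100.64.0.0/10",),
}

def pool_type(net):
    """Return 'RFC 1918', 'RFC 6598', or None if the block lies in neither."""
    for name, ranges in ALLOWED.items():
        if any(net.subnet_of(ipaddress.ip_network(r)) for r in ranges):
            return name
    return None

def check_plan(app_blocks, connector_blocks, reserved):
    """Return findings for a planned address layout (empty list = no issues).

    reserved maps a label to a CIDR, e.g. the infrastructure subnet and the
    GlobalProtect IP pool. ip_network() rejects CIDRs with host bits set.
    """
    ztna = [(f"application block {b}", ipaddress.ip_network(b)) for b in app_blocks]
    ztna += [(f"connector block {b}", ipaddress.ip_network(b)) for b in connector_blocks]
    others = [(f"{k} {v}", ipaddress.ip_network(v)) for k, v in reserved.items()]
    findings = []
    for label, net in ztna:
        kind = pool_type(net)
        if kind is None:
            findings.append(f"{label}: not within RFC 1918 or RFC 6598")
        elif kind == "RFC 1918":
            findings.append(f"{label}: RFC 1918 pool cannot be changed back to RFC 6598")
    # Compare every ZTNA block with the later ZTNA blocks and all reserved ranges.
    for i, (la, a) in enumerate(ztna):
        for lb, b in ztna[i + 1:] + others:
            if a.overlaps(b):
                findings.append(f"overlap: {la} and {lb}")
    return findings

# Constructed sample values; the reserved ranges are made up for illustration.
SAMPLE_RESERVED = {"infrastructure subnet": "172.16.55.0/24",
                   "GlobalProtect pool": "100.65.11.0/24"}

if __name__ == "__main__":
    for finding in check_plan(["100.64.10.0/24", "100.64.11.0/24"],
                              ["100.65.10.0/24", "100.65.11.0/24"],
                              SAMPLE_RESERVED):
        print(finding)
```

With the sample values, the only finding is the Connector IP Block that collides with the constructed GlobalProtect pool.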

Panorama

Learn how to configure a ZTNA Connector in Prisma Access (Managed by Panorama).
Use the following workflow to enable ZTNA Connector in Prisma Access (Managed by Panorama).
  1. Configure the IP address blocks that Prisma Access will use internally to route traffic to the ZTNA Connector and the private apps you onboard.
    • Select Panorama > Cloud Services > Configuration > Service Setup and Edit the Settings.
    • On the ZTNA Connector tab, Add an Application IP Block.
      You can add a single Application IP Block, or multiple blocks depending on your deployment. For example, enter 100.64.10.0/24 and 100.64.11.0/24. You can also Enable Advertise Application IP Block to Remote Networks.
      Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.
    • Set the Connector IP Blocks that Prisma Access will use internally to route traffic between mobile users, remote networks and the connector VMs in your data centers.
      You can add a single Connector IP Block, or multiple blocks depending on your deployment. For example, enter 100.65.10.0/24 and 100.65.11.0/24.
    • Click OK to save the IP address block configuration and then Commit and push the configuration.
  2. Launch ZTNA Connector from the Cloud Services Plugin on Panorama.
    • Select Panorama > Cloud Services > ZTNA Connector.
    • Click the Prisma Access App to launch ZTNA Connector in the Prisma Access app on the hub.
    • From the Prisma Access app, select Settings > ZTNA Connector.
    • If you haven't already done so, Enable ZTNA Connector.
    • Prisma Access begins setting up the infrastructure for the ZTNA Connector. This may take a few minutes.
    • When onboarding finishes, the ZTNA Connector Overview displays.
