>
    Enable ZTNA Connector
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access ZTNA Connector
    4. Enable ZTNA Connector
    Download PDF

    Prisma Access

    Enable ZTNA Connector

    Table of Contents

    Enable ZTNA Connector

    Learn how to configure a ZTNA Connector in Prisma Access.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Cloud Management)
    • Prisma Access (Panorama Managed)
    • Prisma Access 4.0
      Prisma Access 5.0 supports wildcards and IP subnet-based app targets.
    • ZTNA Connector Add-On license
      Prisma Access Enterprise licenses include two Connectors and 10 Apps without the Add-On license in Enterprise and ZTNA Edition licenses. In the Business and Business Premium edition, the licenses include two Connectors and one App. This functionality is provided for the purpose of trying out ZTNA Connectors in your environment. To deploy more apps and connectors, purchase the add-on license.
    Before you can set up ZTNA Connector, you must enable it within Prisma Access. Before you enable ZTNA Connector, do the following:
    • Identify your Application IP and Connector IP address blocks. You must reserve a separate address pool to reserve for use within Prisma Access internally to route traffic to the connectors and private applications you’ll be onboarding. Prisma Access resolves the FQDNs of the applications you onboard to ZTNA Connector to the IP addresses in the Application IP address block. Similarly, Prisma Access uses the Connector IP address block to route traffic from the remote network or mobile user to the appropriate ZTNA Connector.
      You should reserve at least a /16 subnet for the address pool. Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.

    Cloud Management

    Learn how to configure a ZTNA Connector in Prisma Access.
    Use the following workflow to enable ZTNA Connector in Cloud Managed Prisma Access.
    1. Configure the IP address blocks that Prisma Access will use internally to route traffic to the ZTNA Connector and the private apps you onboard.
      You must define separate IP address blocks for your connectors and your applications and the blocks cannot overlap with each other, with the Prisma Access infrastructure subnet, or with you GlobalProtect IP address pool.
      • Select
        Settings
        Prisma Access Setup
        Shared
         and Edit the
        Infrastructure Settings
        .
        If you're using Strata Cloud Manager, go to
        Workflows
        Prisma Access Setup
        Prisma Access
        Infrastructure Settings
        .
      • Add
        ZTNA Connectors Application IP Blocks
        .
        You can add a single Application IP Block, or multiple blocks depending on your deployment. For example, enter 10.64.10.0/24 and 10.64.11.0/24. You can also
        Advertise Application IP blocks to Remote Networks
         to provide remote network access.
        Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.
      • Add
        ZTNA Connectors Connector IP Blocks
         that Prisma Access will use internally to route traffic between mobile users, remote networks and the connector VMs in your data centers.
        You can add a single Connector IP Block, or multiple blocks depending on your deployment. For example, enter 100.65.10.0/24 and 100.65.11.0/24.
      • Click
        Save
         to save the IP address block configuration and then
        Commit
         and push the configuration.
    2. Launch ZTNA Connector from the Prisma SASE Platform.
      • Log in to
        Prisma SASE Platform
        .
      • Select
        Settings
        ZTNA Connector
        .
        If you're using Strata Cloud Manager, go to
        Workflows
        ZTNA Connector
        .
      • If you haven't done so already,
        Enable ZTNA Connector
        .
      • Prisma Access begins setting up the infrastructure for the ZTNA Connector. This may take a few minutes.
      • When onboarding finishes, the ZTNA Connector Overview displays.

    Panorama

    Learn how to configure a ZTNA Connector in Panorama-managed Prisma Access.
    Use the following workflow to enable ZTNA Connector in Panorama Managed Prisma Access.
    1. Configure the IP address blocks that Prisma Access will use internally to route traffic to the ZTNA Connector and the private apps you onboard.
      • Select
        Panorama
        Cloud Services
        Configuration
        Service Setup
         and Edit the
        Settings
        .
      • On the
        ZTNA Connector
         tab
        Add
         an
        Application IP Block
        .
        You can add a single Application IP Block, or multiple blocks depending on your deployment. For example, if 10.64.10.0/24 and 10.64.11.0/24. You can also
        Enable Advertise Application IP Block to Remote Networks
        .
        Use RFC 1918 or RFC 6598 addresses. You can specify an RFC 1918 address pool during ZTNA Connector setup instead of RFC 6598; however, you cannot change the address pool type back to RFC 6598 after you specify RFC 1918.
      • Set the
        Connector IP Blocks
         that Prisma Access will use internally to route traffic between mobile users, remote networks and the connector VMs in your data centers.
        You can add a single Connector IP Block, or multiple blocks depending on your deployment. For example, enter 10.65.10.0/24 and 10.65.11.0/24.
      • Click
        OK
         to save the IP address block configuration and then
        Commit
         and push the configuration.
    2. Launch ZTNA Connector from the Cloud Services Plugin on Panorama.
      • Select
        Panorama
        Cloud Services
        ZTNA Connector
        .
      • Click the
        Prisma Access App
         to launch ZTNA Connector in the Prisma Access app on the hub.
      • From the Prisma Access app, select
        Settings
        ZTNA Connector
        .
      • If you haven't already done so,
        Enable ZTNA Connector
        .
      • Prisma Access begins setting up the infrastructure for the ZTNA Connector. This may take a few minutes.
      • When onboarding finishes, the ZTNA Connector Overview displays.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.