>
    Strata Copilot
    Changes to Default Behavior for Prisma Access 6.1 and 6.1.1
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Release Information
    4. Changes to Default Behavior for Prisma Access 6.1 and 6.1.1
    Download PDF
    Prisma Access

    Changes to Default Behavior for Prisma Access 6.1 and 6.1.1

    Table of Contents

    Changes to Default Behavior for Prisma Access 6.1 and 6.1.1

    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)

    Changes to Default Behavior for Prisma Access 6.1.1

    The following table details the changes in default behavior for Prisma Access version 6.1.1.
    ComponentChange
    Potential IP Address Changes During Location Reboarding
    Starting March 20, 2026, if you remove (deboard) and then re-add (onboard) the same location, Prisma Access might assign a different public IP address to that location. This behavior applies to the following location types in a subset of Prisma Access locations:
    Affected deployments—This potential IP address change affects Prisma Access deployments where:
    • You’ve deboarded and then onboarded the same location in an affected location.
    • You’ve pre-allocated IP addresses in an affected mobile user location.
    Affected locations—This change only affects the following locations:
    • Australia South
    • Canada Central
    • Canada East
    • France South
    • Japan Central
    • Japan South
    • Saudi Arabia
    • South Korea
    • Sweden
    • Switzerland
    • United Arab Emirates
    • UK
    • US West
    • US East
    Required actions:
    For mobile user locations: After deboarding the new location, we recommend that you run the API with an action_type of preallocate or use the IP Capacity Planning feature to check the IP addresses for your locations against your existing allow lists.
    For remote network, service connection, or explicit proxy locations: Verify the IP address by running the API script or navigating to the Strata Cloud Manager or Panorama UI, locating the reboarded location, and verifying the assigned IP address against your existing allow lists.
    • If the IP address remains the same, you do not need to take further action.
    • If Prisma Access assigns a new IP address, add the new address to your organization’s allow lists to ensure continued connectivity.
    • For Explicit Proxy location, if the Ingress IP (NLB IP) also changes, you may need to adjust the on-premises firewall rules to allow this new ingress IP address.

    Changes to Default Behavior for Prisma Access 6.1

    The following table details the changes in default behavior for Prisma Access version 6.1.
    ComponentChange
    Locations added to New and Existing Prisma Access DeploymentsThe following locations Prisma Access are supported starting with Prisma Access 6.1. New deployments have these locations added automatically; for existing deployments, each out to your Palo Alto Networks account representative to add them, who will contact the Site Reliability Engineering (SRE) team and submit a request.
    The following functionality is not supported for these locations:
    If you require additional functionality, we recommend that you onboard alternate locations.
    Location Groups Changing for the Mexico Central and Mexico West Mobile User Locations
    The Mexico Central and Mexico West locations are changing their IP pool location group starting with the Prisma Access 6.1 release. If you have enabled the Prisma AccessMexico Central or Mexico West mobile user locations, and have created mobile user IP address pools based on location groups, be aware that the location groups have changed:
    • The Mexico Central location changed from ip-pool-group-31 (US-Central) to ip-pool-group-1 (US-Eastern).
      If you’ve enabled the Mexico Central Prisma Access Mobile User location and have added a mobile user IP address pool based on ip-pool-group-31 (US-Central), an update in the Prisma Access infrastructure caused the Strata Cloud Manager or Panorama UI to show Mexico Central in its new pool group ip-pool-group-1 (US-Eastern). However, the Prisma Access infrastructure continues to provide IP addresses from ip-pool-group-31 (US-Central). This is a cosmetic issue and will not cause connectivity issues provided that the IP address pool group is not modified.
    • The Mexico West location changed from ip-pool-group-23 (US-Western) to ip-pool-group-1 (US-Eastern).
      If you’ve enabled the Mexico West Prisma Access Mobile User location and have added a mobile user IP address pool based on ip-pool-group-23 (US-Western), an update in the Prisma Access infrastructure caused the Strata Cloud Manager or Panorama UI to show Mexico West in its new pool group ip-pool-group-1 (US-Eastern). However, the Prisma Access infrastructure continues to provide IP addresses from ip-pool-group-23 (US-Western). This is a cosmetic issue and will not cause connectivity issues provided that the IP address pool group is not modified.
    To align with the updated Private IP allocation structure, if you are affected, you must perform the following steps immediately:
    1. Preallocate public IP address for Mexico Central and Mexico West Prisma Access location using APIs, or contact your Palo Alto Networks account representative to assist with this process.
    2. Allow list these public IP addresses in your SaaS applications.
    3. Deboard the Mexico Central Prisma Access location.
    4. Deboard the Mexico West Prisma Access location.
    5. Push your configuration (Push ConfigPush for Prisma Access (Managed by Strata Cloud Manager) deployments or CommitCommit & Push Prisma Access (Managed by Panorama) deployments) to save the changes
    6. After the push is successful, re-onboard the Mexico Central and Mexico West PA locations.
    7. Configuring new mobile user IP address pool allocation for users coming from these locations, using the new, correct pool group: US-Eastern (ip-pool-group-1).

    © 2026 Palo Alto Networks, Inc. All rights reserved.