>
    Add a New Compute Location for a Deployed Prisma Access Location
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Advanced Deployments
    5. Advanced Deployments that Apply to All Prisma Access Types
    6. Add a New Compute Location for a Deployed Prisma Access Location
    Download PDF

    Add a New Compute Location for a Deployed Prisma Access Location

    Table of Contents

    Add a New Compute Location for a Deployed Prisma Access Location

    Learn about how IP addresses change and how to use a new compute location for an existing location.
    To optimize performance and improve latency, Prisma Access can introduce new compute locations for locations you have already deployed as part of a plugin upgrade. When you upgrade the plugin, the existing compute location-to-location mapping does not change, but you can choose to take advantage of the new compute location. If you change the compute location, Prisma Access changes the gateway and portal IP addresses (for mobile users) and Service IP addresses (for remote networks) for the location or locations to which the new compute location is associated. If you use allow lists in your network to provide users access to internet resources such as SaaS applications or publicly accessible partner applications, you need to add these new IP addresses to your allow lists.
    To upgrade to a new compute location after it becomes available, complete the following task.
    Since you need to allow time to delete and add the existing location and change your allow lists (for mobile users) or peer IPSec tunnel IP address (for remote network deployments), Palo Alto Networks recommends that you schedule a compute location change during a maintenance window or during off-peak hours.
    To reduce down time for mobile user deployments, use the API to pre-allocate the new mobile user gateway and portal IP addresses before you perform these steps.
    1. Add bandwidth for the new remote network compute locations.
      1. (
        Remote Network deployments that allocate remote network bandwidth by compute locations only
        ) Select
        Panorama
        Cloud Services
        Configuration
        Remote Networks
        .
      2. Click the gear icon in the
        Bandwidth Allocation
         area and add
        Bandwidth Allocation (Mbps)
         for the new compute location.
      3. Wait for the bandwidth to be reflected in the Allocated Total field at the top of the page; then, click
        OK
        .
    2. (
      Mobile User deployments only
      ) Retrieve the new gateway and portal IP addresses using the API script and add them to your allow lists.
    3. Delete the Service Connection, Remote Network connection, or Mobile User location associated with the new compute location.
    4. Commit and push your changes.
    5. Re-add the locations you just deleted.
    6. Commit and push your changes.
    7. (
      Remote Network and Service Connection deployments only
      ) Change your CPE to point to the new IP addresses for the IPSec tunnel for the remote network connection or service connection.
      For remote network connections, select
      Panorama
      Cloud Services
      Status
      Network Details
      Remote Networks
      , make a note of the
      Service IP Address
      , and configure the new Service IP Address as the peer address for the remote network IPSec tunnel on your CPE.
      For service connections, select
      Panorama
      Cloud Services
      Status
      Network Details
      Service Connection
      , make a note of the
      Service IP Address
      , and configure the new Service IP Address as the peer address for the service connection IPSec tunnel on your CPE.
    8. Select
      Panorama
      Cloud Services
      Status
      Network Details
      Remote Networks
      , make a note of the
      Service IP Address
      , and configure the new
      Service IP Address
       as the peer address for the remote network IPSec tunnel on your CPE.
      When you delete and re-add a remote network connection, the IP address of the IPSec tunnel on the Prisma Access side changes.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.