Secure Inbound Access for Remote Network Sites
Focus
Focus

Secure Inbound Access for Remote Network Sites

Table of Contents

Secure Inbound Access for Remote Network Sites

Prisma Access for remote networks allows outbound access to internet-connected applications. In some cases, your organization might have a requirement to provide inbound access to an application or website at a remote site, and provide secure access to that application for any internet-connected user—not just users who are protected by Prisma Access. For example:
  • You host a public-facing custom application or portal at a remote network site.
  • You have a lab or staging environment for which you want to provide secure access.
  • You have a need to provide access to an application or website to users who are not members of an organizational domain.
  • You have IoT devices that require access to an internal asset management, tracking, or status application.
To do this, create a remote network that allows secure inbound access. If you require outbound access as well as inbound access for a remote network site, create to remote networks in the same location—one for inbound access and one for outbound access.
While this solution can provide access for up to 50,000 concurrent inbound sessions per remote network, Palo Alto Networks does not recommend using this solution to provide access to a high-volume application or website.
To make internet-accessible applications available from a remote network site, you first make a list of the applications to which you want to provide access, and assign a private IP, port number, and protocol combination for each application. If you use the same IP address for multiple applications, the port/protocol combination must be unique for each application; if you use the same port/protocol combination for multiple applications, each IP address must be unique.
To begin configuration, you choose how many public IP addresses you want to associate for the applications. You can specify either 5 or 10 public IP addresses per remote network site. Each public IP allocation takes bandwidth (units) from your Remote Networks license, in addition to the bandwidth that you have allocated for the compute location associated to the remote network. 5 IP addresses take 150 Mbps from your remote network license allocation, and 10 IP addresses take 300 Mbps.
After you choose the number of public IP addresses, you then enter the application, along with its associated private IP/port number/protocol combination, for which you want secure inbound access.
You can decide how you want to map your application to the public IP addresses. By default, Prisma Access assigns the public IP addresses to the applications you specify, and multiple applications can be assigned to a single IP address. If you need to map a single application to a single public IP address, you can select Dedicated IP during system configuration. You can configure up to 100 inbound applications for each group of provisioned public IP addresses (either 5 or 10).