When you onboard a mobile user location, Prisma Access provides you with two egress IP addresses - one active IP address and one address to use in case of an autoscale event. The following provides examples of how Prisma Access allocates and provisions egress IP addresses after an autoscale event.

Autoscale Event—If a large number of mobile users log in to a mobile user location at the same time, that event might cause Prisma Access to allocate an additional set of two egress IP addresses to accommodate the large number of users. After you have allow listed the first two egress IP addresses, the status before an autoscale event shows the two egress IP addresses as being allow listed with a confirmed status of 2/2 Egress IPs Confirmed Allow Listed, a provisioning status of Provisioned, and an autoscale status of Allowed, as shown in the Hong Kong location in the following screenshot.

If a large number of mobile users log in to the Hong Kong location at the same time, Prisma Access makes the backup egress IP address active and allocates two more IP addresses and makes one of them active. When an autoscale event occurs, the egress IP addresses have been allocated but not provisioned, the confirmed status is 2/4 Egress IPs Confirmed Allow Listed, and the provisioning status shows Provisioned without enough capacity. In addition, the autoscale status shows Not Allowed, which means that Prisma Access will not provision the extra egress IP address to your deployment if an autoscale event occurs.

After you have added the new egress IP addresses to your allow lists, select the location name; then, select Added to My Allow List for the two IP addresses that were added and Commit and Push your changes.

When complete, the Hong Kong location shows that all four egress IP addresses are confirmed and provisioned, and autoscaling is active.