Add Tenants to Prisma Access

Log in to Panorama as a superuser.

Add and configure the tenant.

Select
Panorama
Cloud Services
Configuration
, then
Add
a new tenant.
Be sure that you select
Remote Networks/Mobile Users
; to create and configure a Clean Pipe deployment, see Create and Configure Prisma Access for Clean Pipe.
Specify a descriptive
Name
for the tenant.
Add
a new
Access Domain
, give it a descriptive
Name
, and click
OK
to return to the
Tenants
window.
After you click
OK
, Prisma Access automatically creates templates, template stacks, and device groups and associates them to the access domain you create.

Specify the amount of

Bandwidth (Mbps)

to allocate for the

Remote Networks

and the number of

Users

to allocate for the

Mobile Users

.

(

Deployments with Autonomous DEM Only

) If you have purchased an Autonomous DEM (ADEM) license, select the number of units to allocate for ADEM.

Use the following guidelines when allocating ADEM units for a tenant:

The number of ADEM units you can allocate for mobile users and remote networks can be only equal to or less than base license.
The minimum number of units you can allocate is 200.
After you allocate the ADEM units for a tenant, you can edit or remove those units.
If you did not purchase an ADEM license for your deployment type (Mobile Users or Remote Networks), that choice is grayed out.



Click

OK

to create the first tenant.

Make sure that Prisma Access applied the template stack, template, and device group service settings to the service connection settings of the tenant you just created.

Select the tenant you created from the

Tenant

drop-down.



Select

Panorama

Cloud Services

Configuration

Service Setup

.

Click the gear icon to the right of the

Settings

area to edit the settings.

Make sure that Prisma Access has associated the template stack (

sc-stk-

tenant

), template (

sc-tpl-

tenant

), and device group (

sc-dg-

tenant

) to your service connection settings.

Make sure that the

Parent Device Group

is set to

Shared

and click

OK

.



Make sure that Prisma Access applied the template stack, template, and device group to the remote network settings.

Select

Panorama

Cloud Services

Configuration

Remote Networks

and click the gear icon to the right of the

Settings

area to edit the settings.

Make sure that the Prisma Access has associated the template stack (

rn-stk-

tenant

), template (

rn-tpl-

tenant

), and device group (

rn-dg-

tenant

) to your remote network settings.

Make sure that the

Parent Device Group

is set to

Shared

and click

OK

.



Make sure that Prisma Access applied the template stack, template, and device group to the mobile user settings.

Select

Panorama

Cloud Services

Configuration

Mobile Users

and click the gear icon to the right of the

Settings

area to edit the settings.

Make sure that the Prisma Access has associated the template stack (

mu-stk-

tenant

), template (

mu-tpl-

tenant

), and device group (

mu-dg-

tenant

) to your remote network settings.

Make sure that the

Parent Device Group

is set to

Shared

and click

OK

.



Mobile User deployments only

—Add an infrastructure subnet, then commit and push your changes to make them active in Prisma Access.

These steps are required for the mobile user changes to take effect.

Select
Panorama
Cloud Services
Configuration
Service Setup
, click the gear icon to edit the Settings, and configure an infrastructure subnet.
Select
Commit
Commit and Push
,
Edit Selections
in the Push Scope, and make sure that
Mobile Users
is selected.
Click
OK
to save your changes to the Push Scope.
Commit
and
Push
your changes.

Select the new tenant you created by selecting

Panorama

Cloud Services

Configuration

tenant-name

and continue the configuration of your tenant.

Configure the Service Infrastructure.

Create a Service Connection to Allow Access to Private Apps.

Onboard and Configure Remote Networks if you are licensed for remote networks.

Set Up GlobalProtect on Panorama Managed Prisma Access if you are licensed for remote users.