You need to make sure that you have specified an IP
address pool that allows enough coverage for the mobile users in
your organization. We recommend having at least one IP address in
your IP address pool for each unique mobile user in your organization
so they can log in simultaneously. If your pool space is limited,
however, you can specify a smaller address pool.
In Panorama, the UI validates the minimum IP address pool
and prompts you if changes are required. This validation is not
available if you configure locations using CLI. If you deploy all
locations using CLI, we recommend that you add a /18 address in
the Worldwide pool for mobile users.
Prisma Access checks your configuration to make sure that you
have specified the following minimum IP address pool:
If you specify a Worldwide address pool, a minimum of
/23 (512 IP addresses) is required if you have locations deployed
in one or two regions. If you have locations in three regions, a
minimum /19 (8,192) addresses is required.
You can divide
up your total subnets into smaller subnets; the minimum subnet you
can specify is /23.
If you specify IP address pools per region, a minimum of
512 IP addresses (/23 address pool) is required for each region
where you have locations deployed.
If you do not onboard any
Prisma Access gateways in a region, an IP address pool for that
region is not required. For example, if you specify gateways in
the US East, US Northwest, and US Northeast locations, you need
to only specify an IP address pool for the North America & South
If you specify a mix of Worldwide and regional pools, specify
IP address pools to ensure that there are at least 512 IP addresses
For example, for a three-region deployment, you
can specify 1,024 addresses in the Europe region and 512 addresses
A warning message displays if you specify an IP
address pool that is less than the total number of licensed mobile
users. If you determine that your deployment will not have all mobile
users log in concurrently, you can bypass this message and keep