Configure Prisma Access for Mobile Users in China

Where Can I Use This?
What Do I Need?
  • Prisma Access (Panorama Managed)
To begin providing secure access to mobile users in China, set up either a service connection or a remote network connection in Prisma Access by completing the following steps.
The type of connection you choose (service or remote network connection) depends on the type of access you need to provide. To provide access to internal applications or to send all traffic to a data center, use a service connection. To provide access to internet resources such as SaaS applications or publicly accessible partner applications, use a remote network.
  1. In the Panorama that manages Prisma Access, select Network > Network Profiles > IKE Crypto and Add an IKE crypto profile for the IPSec tunnel.
    Select the template you want to use for the connection. If you are creating a service connection, select Service_Conn_Template; if you are creating a remote network connection, select Remote_Network_Template.
  2. Give the profile a name and specify IKE settings.
    Make a note of these settings; you specify the same settings when you create the IPSec tunnel in the router instance you configure in Alibaba Cloud.
  3. Select Network > Network Profiles > IPSec Crypto and create a new IPSec crypto profile in Panorama, making a note of the settings you specify.
    Skip this step if you have already created an IPSec crypto profile.
  4. Select Network > Network Profiles > IKE Gateways and Add a new IKE gateway, specifying the following parameters:
    • Specify a Version of IKEv2 only mode.
    • Specify a Peer IP Address Type of Dynamic.
    • Enter a Pre-Shared Key.
    • Specify User FQDN (email address) for Local Identification and Peer Identification and enter the IP addresses to use.
  5. Select Advanced Options and enable NAT Traversal.
  6. Select Network > IPSec Tunnels and Add an IPSec tunnel, specifying the IPSec Crypto Profile you just created.
  7. Onboard a new service connection or remote network connection, specifying the following parameters:
    • Select a location that is close to the location of VPC 2.
    • Enter placeholder Corporate Subnets (for service connections) or Branch IP Subnets (for remote network connections). You add valid subnets when you deploy the VM-Series firewall in Alibaba Cloud after you create Linux instances in the Alibaba Cloud VPCs.
      This example uses static routes; you can also configure BGP routing for your deployment.
  8. Commit your changes to Panorama (Commit > Commit to Panorama), then commit and push your changes (Commit > Commit and Push).
  9. Select Panorama > Cloud Services > Status > Network Details and note the Service IP Address for the service connections you onboarded.
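
The IKE and IPSec settings noted in the steps above must agree with the settings entered on the Alibaba Cloud end of the tunnel. The following Python check is an added example, not Palo Alto Networks code; it compares the two sets of notes, and all field names and sample values are hypothetical placeholders.

```python
import hmac
import re

# Fields that must be identical on both ends of the tunnel (hypothetical names).
SAME = ("ike_version", "ike_encryption", "ike_auth", "ike_dh_group",
        "ipsec_encryption", "ipsec_auth", "ipsec_dh_group", "nat_traversal")

def norm(value):
    """Compare 'AES-256-CBC', 'aes_256_cbc' and 'aes256cbc' as equal."""
    return re.sub(r"[^a-z0-9]", "", str(value).lower())

def check_tunnel(panorama, peer):
    """Return a list of findings; an empty list means the notes agree."""
    findings = []
    # Requirements the procedure states for the Panorama side.
    if norm(panorama.get("ike_version")) != "ikev2":
        findings.append("panorama: IKE gateway version is not IKEv2 only mode")
    if norm(panorama.get("peer_ip_type")) != "dynamic":
        findings.append("panorama: Peer IP Address Type is not Dynamic")
    if panorama.get("nat_traversal") is not True:
        findings.append("panorama: NAT Traversal is not enabled")
    # Crypto and IKE settings must match on both ends.
    for field in SAME:
        if norm(panorama.get(field)) != norm(peer.get(field)):
            findings.append(f"mismatch: {field}")
    # Identities are mirrored: one side's local ID is the other side's peer ID.
    if panorama.get("local_id") != peer.get("peer_id"):
        findings.append("mismatch: panorama local_id vs peer peer_id")
    if panorama.get("peer_id") != peer.get("local_id"):
        findings.append("mismatch: panorama peer_id vs peer local_id")
    # Compare the pre-shared key without echoing it into the findings.
    a, b = str(panorama.get("psk", "")), str(peer.get("psk", ""))
    if not hmac.compare_digest(a.encode(), b.encode()):
        findings.append("mismatch: pre-shared key")
    return findings

# Constructed sample notes; every value is a placeholder.
PANORAMA = dict(
    ike_version="ikev2", peer_ip_type="dynamic", nat_traversal=True,
    ike_encryption="aes-256-cbc", ike_auth="sha256", ike_dh_group="group14",
    ipsec_encryption="aes-256-cbc", ipsec_auth="sha256", ipsec_dh_group="group14",
    local_id="pa@example.com", peer_id="vm@example.com", psk="PLACEHOLDER-PSK",
)
PEER = dict(PANORAMA, ike_encryption="AES_256_CBC",
            local_id="vm@example.com", peer_id="pa@example.com")
```

An empty list from `check_tunnel(PANORAMA, PEER)` means the two sets of notes are consistent; each finding names the setting to recheck before committing.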
