Onboard the GlobalProtect Gateway and Configure the Prisma Access
To complete the mobile user setup for Prisma
Access, you create a GlobalProtect gateway and add that gateway
to the Prisma Access portal. You configure the gateway in the VM-series
firewall (Router 1) instance in VPC 1 in mainland China. After configuration
is complete, mobile users in mainland China connect to the Prisma
Access portal, which directs them to the GlobalProtect gateway in
To configure the gateway and portal for a
mainland China deployment, compete the following steps.
the IP address and subnet that you specified for the
interface (192.168.200.0/24 in this example).
the primary DNS IP address of the
Add and configure a DNS proxy to provide DNS services
to mobile users.
Specify the IP address of the Alibaba Cloud DNS server
To configure a different DNS proxy server to resolve
one or more
and specify the
address of your organization’s DNS server and your organization’s
) If redundancy is required, add
one more VM-series instance as a GlobalProtect gateway and a router
instance Router 2 in Alibaba Cloud. You can deploy this second set
in the same or different regions and it will operate as an additional
GlobalProtect gateway in China.