Managing large SaaS allow lists, especially during Prisma® Access autoscaling events, creates significant administrative overhead. Prisma Access expands the existing IP Optimization functionality to address this challenge, offering support for both Mobile Users—GlobalProtect® and Explicit Proxy deployments.

For Mobile Users—GlobalProtect deployments, when a large number of users access a GlobalProtect gateway from a location, Prisma Access autoscales the location and adds another GlobalProtect gateway. IP Optimization uses a NAT layer so that the autoscaled gateway uses the same IP address as the previously allocated IP address, thus eliminating the need to add extra IP addresses to your organization's allow lists.

Prisma Access expands this NAT layer to Explicit Proxy connections, thereby providing consistent, low-management IP addresses for all supported mobile and proxy use cases. This Explicit Proxy NAT layer is beneficial if you're setting up a Mobile Users and Explicit Proxy deployment in Proxy Mode or Tunnel and Proxy Mode.