Prisma Access
Add Tenants to Prisma Access
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Add Tenants to Prisma Access
Prisma Access
Where Can I Use
This? | What Do I Need? |
---|---|
|
|
After you migrate the existing information as
a first tenant, you can create and configure additional tenants.
For each tenant you create after the first,
Prisma Access
creates
a separate access domain with its own set of template stacks and templates
and its own domain groups.Use this workflow to add more tenants
to
Prisma Access
.If you are creating an all-new multitenant
deployment, use this workflow to add the first tenant, as well as
additional tenants. See Create an All-New Multitenant Deployment for more
information.
- Log in to Panorama as a superuser.
- Add and configure the tenant.
- Select, thenPanoramaCloud ServicesConfigurationAdda new tenant.Be sure that you selectRemote Networks/Mobile Users; to create and configure a Clean Pipe deployment, see Prisma Access for Clean Pipe.
- Specify a descriptiveNamefor the tenant.
- Adda newAccess Domain, give it a descriptiveName, and clickOKto return to theTenantswindow.After you clickOK,Prisma Accessautomatically creates templates, template stacks, and device groups and associates them to the access domain you create.
- Specify the amount ofBandwidth (Mbps)to allocate for theRemote Networksand the number ofUsersto allocate for theMobile Users.
- (Deployments with Autonomous DEM Only) If you have purchased an Autonomous DEM (ADEM) license, select the number of units to allocate for ADEM.Use the following guidelines when allocating ADEM units for a tenant:
- The number of ADEM units you can allocate for mobile users and remote networks can be only equal to or less than base license.
- The minimum number of units you can allocate is 200.
- After you allocate the ADEM units for a tenant, you can edit or remove those units.
- If you did not purchase an ADEM license for your deployment type (Mobile Users or Remote Networks), that choice is grayed out.
- ClickOKto create the first tenant.
- Make sure thatPrisma Accessapplied the template stack, template, and device group service settings to the service connection settings of the tenant you just created.
- Select the tenant you created from theTenantdrop-down.
- Select.PanoramaCloud ServicesConfigurationService Setup
- Click the gear icon to the right of theSettingsarea to edit the settings.
- Make sure thatPrisma Accesshas associated the template stack (sc-stk-tenant), template (sc-tpl-tenant), and device group (sc-dg-tenant) to your service connection settings.
- Make sure that theParent Device Groupis set toSharedand clickOK.
- Make sure thatPrisma Accessapplied the template stack, template, and device group to the remote network settings.
- Selectand click the gear icon to the right of thePanoramaCloud ServicesConfigurationRemote NetworksSettingsarea to edit the settings.
- Make sure that thePrisma Accesshas associated the template stack (rn-stk-tenant), template (rn-tpl-tenant), and device group (rn-dg-tenant) to your remote network settings.
- Make sure that theParent Device Groupis set toSharedand clickOK.
- Make sure thatPrisma Accessapplied the template stack, template, and device group to the mobile user settings.
- Selectand click the gear icon to the right of thePanoramaCloud ServicesConfigurationMobile UsersSettingsarea to edit the settings.
- Make sure that thePrisma Accesshas associated the template stack (mu-stk-tenant), template (mu-tpl-tenant), and device group (mu-dg-tenant) to your remote network settings.
- Make sure that theParent Device Groupis set toSharedand clickOK.
- Commit your changes locally to Panorama (.CommitCommit to Panorama
- (Mobile User deployments only)—Add an infrastructure subnet, then commit and push your changes to make them active inPrisma Access.These steps are required for the mobile user changes to take effect.
- Select, click the gear icon to edit the Settings, and configure an infrastructure subnet.PanoramaCloud ServicesConfigurationService Setup
- Select,CommitCommit and PushEdit Selectionsin the Push Scope, and make sure thatMobile Usersis selected.
- ClickOKto save your changes to the Push Scope.
- CommitandPushyour changes.
- Select the new tenant you created by selectingand continue the configuration of your tenant.PanoramaCloud ServicesConfigurationtenant-name
- Onboard and Configure Remote Networks if you are licensed for remote networks.
- Set Up Global Protect for if you are licensed for remote users.