Mobile Users: IP Address Allocation
Learn how Prisma Access allocates IP addresses for mobile user deployments.
Where Can I Use This? | What Do I Need?
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
After you set up your Prisma Access deployment, it is useful to know when IP addresses change so that you can proactively plan your infrastructure, retrieve the IP addresses, and add the required IP addresses to allow lists accordingly. The IP address changes can be the result of changes you made (for example, adding another mobile users location) or changes that Prisma Access performs automatically (for example, when a large number of mobile users access a single Prisma Access gateway).
After you deploy Prisma Access for users for the first time, Prisma Access assigns two public and, if applicable, egress IP addresses for each portal and gateway. These IP addresses are unique, are not shared, are dedicated to your Prisma Access deployment, and remain allocated to your tenant until the Prisma Access subscription expires and the grace period is over.
If you have a multitenant setup, Prisma Access adds dedicated
IP addresses for each tenant.
Because the public IP address is the source IP address that Prisma Access uses for requests made to an internet-based destination, you may need to know what the public IP addresses are and add them to an allow list in your network to provide your users access to resources such as SaaS applications or publicly accessible partner applications.
New public IP addresses can be added to the tenant if the following events occur:
- A large number of mobile users access the same location.
  To address the capacity requirement of servicing a large number of users, Prisma Access adds one or more gateways to accommodate the increased number of users, assigns one or more of the existing public IP addresses to the new gateway, and adds a new set of IP addresses to the mobile user locations to replace the ones that were used.
- You add one or more locations to your deployment.
  When you add more locations, Prisma Access adds another gateway and a new set of IP addresses for each new location you add.
Because Prisma Access enables more public IP addresses after a scaling event and after you add a location, you should add an IP change event notification URL, or use the API to retrieve mobile user addresses, to be notified of IP address changes in your Prisma Access infrastructure. You can then add any added or changed addresses to an allow list.
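One way to handle the allow-list step after a scaling event or a new location, as an added example that is not Palo Alto Networks code: it parses a retrieved address list and reports which addresses are missing from an existing allow list. The JSON field names, the sample response and the allow list are constructed assumptions, since this page does not show the API's response format.

```python
import ipaddress
import json

# Constructed sample. The field names are an assumed response shape,
# not something this page documents; the addresses are documentation ranges.
SAMPLE_RESPONSE = json.dumps({
    "status": "success",
    "result": [
        {"zone": "Location A", "address_details": [
            {"address": "198.51.100.10", "serviceType": "gp_gateway"},
            {"address": "198.51.100.11", "serviceType": "gp_gateway"},
        ]},
        {"zone": "Location B", "address_details": [
            {"address": "203.0.113.20", "serviceType": "gp_portal"},
        ]},
    ],
})

# Constructed allow list as it might exist on a SaaS or partner application.
CURRENT_ALLOW_LIST = ["198.51.100.10/32", "192.0.2.77/32"]


def _key(net):
    # Sort key that also works if IPv4 and IPv6 entries are mixed.
    return (net.version, int(net.network_address), net.prefixlen)


def prisma_addresses(raw):
    """Return {network: location} for every address in the response."""
    doc = json.loads(raw)
    if doc.get("status") != "success":
        raise ValueError("address retrieval did not succeed")
    found = {}
    for zone in doc.get("result", []):
        for detail in zone.get("address_details", []):
            # ip_network() raises ValueError on malformed values, so bad
            # data never reaches the allow list.
            net = ipaddress.ip_network(detail["address"], strict=False)
            found[net] = zone.get("zone", "unknown")
    return found


def reconcile(raw, allow_list):
    """Return (addresses to add, allow-list entries not in the retrieved list)."""
    wanted = prisma_addresses(raw)
    have = {ipaddress.ip_network(entry, strict=False) for entry in allow_list}
    to_add = sorted((n for n in wanted if n not in have), key=_key)
    unknown = sorted(have - set(wanted), key=_key)
    return [str(n) for n in to_add], [str(n) for n in unknown]
```

The second list is reported for review rather than removed automatically, because an allow list can also hold entries from sources other than Prisma Access.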