Service Infrastructure Requirements

• You can assign Prisma Access an infrastructure subnet from a existing supernet in your organization’s IP address pool, but do not assign any of the IP addresses from the infrastructure subnet for any other use in your existing network.
  The following example shows a Prisma Access infrastructure subnet, 10.10.1.0/24, that you assigned from an existing supernet, 10.0.0.0/8. After you assign 10.10.1.0/24 as the infrastructure subnet, your organization cannot use any IP addresses from that subnet. For example, you can assign 10.10.2.1 to an endpoint, but 10.10.1.1 is not allowed because that IP address is part of the infrastructure subnet.

• If you create a new subnet for the infrastructure subnet, use a subnet that does not overlap with other IP addresses you use internally.
• (Recommended) Use an RFC 1918-compliant subnet. While the use of non-RFC 1918-compliant (public) IP addresses is supported, we do not recommend it, because of possible conflicts with internet public IP address space.
• Do not specify any subnets that overlap with the following IP addresses and subnets, because Prisma Access reserves those IP addresses and subnets for its internal use.:
  • 169.254.169.253 and 169.254.169.254
  • 100.64.0.0/10
  • 169.254.201.0/24
  • 169.254.202.0/24
• The subnet cannot overlap with the IP address pools you plan to use for the address pools you assign for your mobile users deployment.
• Because the service infrastructure can be very large, you must designate a /24 subnet at a minimum.