Use the following recommendations and requirements when
adding an infrastructure subnet:
You can assign Prisma Access an infrastructure subnet
from a existing supernet in your organization’s IP address pool,
but do not assign any of the IP addresses from the infrastructure subnet
for any other use in your existing network.
The following
example shows a Prisma Access infrastructure subnet, 10.10.1.0/24,
that you assigned from an existing supernet, 10.0.0.0/8. After you
assign 10.10.1.0/24 as the infrastructure subnet, your organization
cannot use any IP addresses from that subnet. For example, you can assign
10.10.2.1 to an endpoint, but 10.10.1.1 is not allowed because that
IP address is part of the infrastructure subnet.
If you create a new subnet for the infrastructure subnet,
use a subnet that does not overlap with other IP addresses you use
internally.
(Recommended) Use an RFC 1918-compliant subnet. While the
use of non-RFC 1918-compliant (public) IP addresses is supported,
we do not recommend it, because of possible conflicts with internet
public IP address space.
Do not specify any subnets that overlap with the following
IP addresses and subnets, because Prisma Access reserves those IP
addresses and subnets for its internal use.:
169.254.169.253
and 169.254.169.254
100.64.0.0/10
169.254.201.0/24
169.254.202.0/24
The subnet cannot overlap with the IP address pools you plan
to use for the address pools you assign for your mobile users deployment.
Because the service infrastructure can be very large, you
must designate a /24 subnet at a minimum.