>
    Create a Service Connection to Enable Access between Mobile Users and Remote Networks
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Administrator’s Guide (Panorama Managed)
    5. Prepare the Prisma Access Infrastructure and Service Connections
    6. Create a Service Connection to Enable Access between Mobile Users and Remote Networks
    Download PDF

    Create a Service Connection to Enable Access between Mobile Users and Remote Networks

    Table of Contents

    Create a Service Connection to Enable Access between Mobile Users and Remote Networks

    We recommend always creating a service connection, even if you don’t need to access resources at your organization’s HQ or data center. You must configure a service connection to allow network communication between mobile users and remote network locations and between mobile users in different geographical locations.
    We recommend creating this type of service connection for the following environments:
    • Your deployment includes both remote networks and mobile users and you do not already have a service connection configured.
    • You have mobile users in different geographical areas who need direct access to each other’s endpoints.
    • You have already configured a service connection, but the existing service connection is not in an ideal location between the remote networks and mobile users.
      All remote network locations communicate to each other in a mesh network. Mobile users connect to remote networks using the service connection in a hub-and-spoke network. In some cases, it might improve network efficiency to place another service connection closer to the remote network or networks that the mobile users most frequently access.
    To configure a service connection to connect mobile users and remote networks, Add a service connection using the following values:
    • Specify a Region that is close to your mobile users.
    • Add an IPSec Tunnel and IKE Gateway, using placeholder values.
    • Add placeholder Corporate Subnets.
      Since Prisma Access doesn’t route any traffic through this tunnel, any value that does not conflict or overlap with other configured subnets is valid.
    The following example shows a Prisma Access deployment with mobile users in different geographical areas and remote networks. The remote network connections are connected in a mesh network in the Prisma Access infrastructure, but the mobile users cannot connect to the remote networks. In addition, the mobile users in different geographic areas cannot connect to each other without a service connection.
    After you add a service connection, the service connection connects the mobile users and the remote networks in a hub-and-spoke network.
    Another case where a service connection of this type is useful is when the service connection is far from the mobile users. The following figure shows an example of this network deployment.
    Adding a second service connection that is closer to the mobile users creates a more efficient network between the mobile users and remote networks.

    © 2024 Palo Alto Networks, Inc. All rights reserved.