Prisma Access for Networks uses the concept
of an Infrastructure Subnet when creating the Service Setup under the
plugin. The Infrastructure Subnet is required for services within
a given Prisma Access Tenant.
When you create an Infrastructure
Subnet, the last usable IP address provided becomes the following
set of services within Prisma Access:
Captive Portal
Redirect IP Address
Remote Network DNS Proxy IP Address
Tunnel Monitor IP Address
When the CloudBlade creates
a standard VPN to Prisma Access, the default is to use the Tunnel
Monitor IP Address within the Prisma Access Infrastructure, using
a Liveliness probe. There may be times when a probe may need to
be changed from the default, to monitor additional services external
of Prisma Access for a given business requirement.
Within the CloudBlade, the default is to use the
last usable Infrastructure IP address. To utilize a different Liveliness
Probe, uncheck the box within the CloudBlade.
To configure a custom Liveliness Probe, navigate to PoliciesStacked Policies within
the Prisma SD-WAN controller.
Navigate to and click Service & DC Groups.
Within the Service & DC Groups,
look for and click Endpoints.
The default
view within Endpoints will be Prisma SD-WAN.
Click Standard VPN from the drop-down.
For a given Prisma Access Region, find and click Liveliness
Probe.
The default
probe for Prisma Andorra which was chosen in this section is using
the last usable IP address in the Infrastructure Subnet.
To add another IP address or modify the probe, edit or
add an ICMP ping as appropriate.
In the following example, an additional ICMP probe is added.
For this standard VPN to Prisma Access (Prisma Andorra),
an additional ICMP probe to 8.8.8.8 is added to the Liveliness Probe.
Repeat this step for each location that needs to be adjusted
for a given business requirement.