Allow Listing GlobalProtect Mobile Users (Strata Cloud Manager)

1. Go to Manage Service SetupMobile Users.

   If you're using Strata Cloud Manager, go to WorkflowsPrisma Access SetupGlobalProtectInfrastructure and edit Prisma Access Locations settings.
2. Display the IP addresses for Prisma Access locations.

   1. Enable Egress IP Allowlist to display the IP addresses for onboarded Prisma Access locations.
   2. Copy and add the allocated IP addresses to the allowlists of your SaaS applications.
   3. Migrate to confirm the IP addresses allocated for the onboarded locations in Prisma Access.

3. Retrieve the IP addresses for new onboarded location or during an auto-scaling event.

   1. Select the Location name to find the new egress IP addresses allocated to the location.
   2. Select Confirmed adding to my IP Allowlist to add these IP addresses to the allowlists for your Saas applications before you confirm them in Prisma Access.

      If you have IPv6 addresses, select Confirmed adding to my IPv6 Allowlist.

4. Push your changes to Prisma Access.

Statuses of Allocated Egress IP Addresses

The status column in the Egress IP Allowlists indicates if all the allocated IP addresses for the locations are provisioned for your deployment. Read on to learn about each status.

• Provisioned - You have added the egress IP addresses to the allowlists of your SaaS applications, confirmed the IP addresses in Prisma Access, and pushed your changes to make them fully provisioned.
• Partially Provisioned - You have added the first set of egress IP addresses, confirmed them in the Prisma Access, and pushed your changes. However, Prisma Access has added another set of IP addresses as part of an auto-scale event, and those IP addresses are not confirmed in Prisma Access.
• Not Provisioned - Prisma Access has allocated IP addresses for the location, and you have added the egress IP addresses to the allowlists of your SaaS applications and confirmed them in Prisma Access, but you have not yet onboarded this location.
• Cannot be Provisioned - You have onboarded this location, but have not yet confirmed in Prisma Access and pushed your changes.

The Egress IP Allowlists table also indicates the number of IP addresses that are confirmed and yet to be confirmed in Prisma Access. For example, 1/2 means, 1 out of 2 IP addresses allocated for the location is confirmed in Prisma Access.