Service IP and Egress IP Address Allocation for Remote Networks
How Prisma Access provides language localization for
remote networks using egress IP addresses.
Prisma Access has more than 100 locations available
to accommodate worldwide deployments and provide a localized experience.
Two locations might map to the same Service IP address,
which you use as the peer IP address when you set up the IPSec tunnel
for the remote network connection. However, the locations might
use different egress IP addresses to make sure that the user gets
the correct default language for the region.
Service connections do
not support language localization because egress to the internet
is not supported over service connections. Prisma Access allocates
only one service IP address per service connection, and that IP
address is geographically registered to the compute location that
corresponds to the location you specify during onboarding.
The following example shows a customer deployment with two remote
network locations deployed in Canada: Central Canada and Canada
East. Prisma Access assigned the same Service IP Address to
both locations. When you configure the remote network tunnel, use
this IP address as the peer IP address when you create the IPSec
tunnel for the remote network connection.
However, Canada East uses a different default language (French)
than Central Canada (English). For this reason, Prisma Access assigns
them different egress IP addresses. If you run the API script for egress
IP addresses, you will receive two different IP addresses for these
two locations.