If you enable BGP for service connections or remote network connections, after you Secure Mobile Users With GlobalProtect, Prisma Access allocates the mobile user IP address pools you specified using Class C (/24) address blocks. BGP therefore advertises allocated mobile user subnets in blocks of /24, rather than the entire pool(s) associated with that region. When Prisma Access adds a /24 subnet for a Prisma Access gateway, it automatically sends a BGP advertisement. As subnets are added and removed, Prisma Access automatically updates its BGP advertisements. This allocation method provides more flexibility when advertising BGP routes, especially if you configured a Worldwide pool instead of allocating pools per region. Dividing the IP address pool into smaller subnets allows the same subnet to be added, removed, or deleted and then reused in different regions when allocated address space is exhausted.

The following screenshot, from PanoramaCloud ServicesStatusNetwork DetailsMobile Users—GlobalProtect, shows three /20 IP pools for mobile users divided by region.

The RIB Out table, from PanoramaCloud ServicesStatusNetwork DetailsService ConnectionShow BGP Status (in the Branch AS and Router area), shows the mobile users address pool divided into blocks of /24 subnets for BGP route advertisements. Note that the entire /20 subnets are not advertised.