How BGP Advertises Mobile User IP Address Pools for Service
Connections and Remote Network Connections
If you enable BGP for service connections or remote
network connections, after you Secure Mobile Users With GlobalProtect, Prisma Access
allocates the mobile user IP address pools you specified using Class
C (/24) address blocks. BGP therefore advertises allocated mobile
user subnets in blocks of /24, rather than the entire pool(s) associated
with that region. When Prisma Access adds a /24 subnet for a Prisma
Access gateway, it automatically sends a BGP advertisement. As subnets
are added and removed, Prisma Access automatically updates its BGP
advertisements. This allocation method provides more flexibility
when advertising BGP routes, especially if you configured a Worldwide pool
instead of allocating pools per region. Dividing the IP address
pool into smaller subnets allows the same subnet to be added, removed,
or deleted and then reused in different regions when allocated address
space is exhausted.
The following screenshot, from PanoramaCloud ServicesStatusNetwork DetailsMobile Users—GlobalProtect, shows
three /20 IP pools for mobile users divided by region.
The RIB Out table, from PanoramaCloud ServicesStatusNetwork DetailsService ConnectionShow BGP Status (in
the Branch AS and Router area), shows the
mobile users address pool divided into blocks of /24 subnets for
BGP route advertisements. Note that the entire /20 subnets are not
advertised.