How to Change the Infrastructure Subnet of Prisma Access

How to Change the Infrastructure Subnet of Prisma Access

9247
Created On 02/06/19 21:21 PM - Last Modified 12/11/25 20:35 PM


Objective


Customers are not expected to change their Infrastructure subnet after Prisma Access firewalls are provisioned.

Environment


  • Panorama
  • Strata Cloud Manager (SCM)
  • PAN-OS 8.1 and above
  • Prisma Access

Procedure


The Prisma Access allocates the loopback IP addresses from the infrastructure subnet when you Configure the Prisma Access Service Infrastructure

Modifying the Infrastructure Subnet after the initial deployment requires assistance from Palo Alto Networks Support. 
Changing the value directly in the user interface and committing the change will not work and will not propagate to the Prisma Access environment.

The Infrastructure Subnet setting is located in the following paths:

    • Panorama > Cloud Services > Configuration > Service Setup > Settings > Infrastructure Subnet
       
    • Strata Cloud Manager > NGFW and Prisma Access > change the configuration scope to Prisma Access > Setup > Infrastructure Settings > General > Infrastructure Subnet 
       

 

To successfully change the subnet, please follow the required steps below:

  1. Contact Palo Alto Networks Support:
    Open a support case to Palo Alto Networks Support, and request the Infrastructure Subnet change.
    In the case description, please specify the new subnet you wish to configure.

  2. Await Backend Update Confirmation
    Our support team will perform the necessary update actions on the backend.
    This backend operation will not cause any immediate impact to your environment.
    You will receive a notification from Support once this task is complete.

  3. Perform Final Commit and Push
    After you receive confirmation from Support that the backend changes are complete, you must perform a final "Commit and Push" from your Panorama or Strata Cloud Manager.
    The new Infrastructure Subnet will be deployed and become active only after this commit is successfully pushed.

    Warning: Service Interruption
    This final commit will trigger a temporary but complete network interruption for your Prisma Access environment as the core network backbone IPs are reprovisioned.
    We strongly recommend performing this step during a planned maintenance window to minimise impact on your users.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmkgCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language