What is Outbound Routes for the Service used for?

What are Outbound Routes for the Service used for?

• Configuration path for Panorma Managed Prisma Access

• Configuration Path for Cloud Managed Prisma Access / Strata Cloud Manager

• Prisma Access
• Prisma Access Cloud Managed
• Prisma Access Panorama Managed
• Strata Cloud Manager

1. In some cases, one may need to use public address space for internal as well as external nodes.
2. Example, 1.1.0.0/16 address space is advertised to Prisma Access cloud over the Service Connection.
3. Also, one of the subnets or IPs from the same range ( for example 1.1.1.8) can be in use in the on-prem VPN gateway to form the IPsec tunnel.
4. This IPsec tunnel will not come up unless a /32 route on the Prisma Access node points towards the Internet.
5. Similarly, Mobile User connection to gateways will fail if the egress IP is a subset of the published Subnet as It needs to have the static route on all Mobile User gateways for a specific prefix (MU egress IP address subnet) towards the Internet.
6. The Outbound Routes for the Service feature will provide that leverage.
7. Once the subnet is added to the configuration, Prisma Access nodes will have a static route towards the Internet.

Caution:

• Do not add Infrastructure Subnet, Mobile Users Subnet, or the subnets advertised from the Service Connection and Remote Network. 
• If added, it will add a static route to those subnets pointing towards the Internet and will cause accessibility issues.