How to make Remote Network Users in Prisma Access work with Zero Trust Network Access (ZTNA)
Created On 07/05/23 05:58 AM - Last Modified 07/12/24 02:23 AM
Objective
This knowledge base article explains how remote network users of Prisma Access can use Zero Trust Network Access (ZTNA). It focuses specifically on configuring DNS resolution for ZTNA apps to ensure smooth operation.
Environment
- Prisma Access 4.0+
- Zero Trust Network Access (ZTNA)
- DNS
Procedure
- Determine the Infrastructure Subnet:
  - Identify the infrastructure subnet used in your Prisma Access deployment. For the purpose of this example, let's assume the infrastructure subnet is 192.168.0.0/16.
- Find the Last Usable IP Address:
  - Determine the last usable IP address within the infrastructure subnet. In our example (192.168.0.0/16), the last usable IP address is 192.168.255.254.
- Configure DNS Resolver IP:
  - Configure the clients used by remote network users to use the last usable IP address obtained in the previous step (192.168.255.254) as the DNS server IP.
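The check below is an added example, not Palo Alto Networks code: it derives the last usable IP from the infrastructure subnet and audits a client's resolver list against it, flagging any other resolver because ZTNA depends on lookups reaching the DNS proxy. The function names, the resolv.conf-style client format, and the sample configuration are assumptions made for illustration.

```python
import ipaddress


def last_usable_ip(infra_subnet):
    """Return the last usable host address (one below broadcast) of an IPv4 subnet."""
    net = ipaddress.IPv4Network(infra_subnet, strict=False)
    if net.prefixlen > 30:
        # Assumption: /31 and /32 have no conventional "last usable" host.
        raise ValueError(f"{net} is too small to have a last usable host address")
    return net.broadcast_address - 1


def parse_nameservers(resolv_conf_text):
    """Extract nameserver entries from resolv.conf-style text, skipping comments."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_client_dns(infra_subnet, resolv_conf_text):
    """Compare a client's resolvers with the expected Prisma Access DNS IP."""
    expected = str(last_usable_ip(infra_subnet))
    configured = parse_nameservers(resolv_conf_text)
    # Any other resolver means some lookups will not reach the DNS proxy.
    unexpected = [s for s in configured if s != expected]
    return {
        "expected": expected,
        "configured": configured,
        "unexpected": unexpected,
        "ok": expected in configured and not unexpected,
    }


# Constructed sample client configuration (not taken from a real host).
SAMPLE_RESOLV_CONF = """\
# pushed by DHCP
nameserver 192.168.255.254
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    print(audit_client_dns("192.168.0.0/16", SAMPLE_RESOLV_CONF))
```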
Additional Information
- ZTNA relies on the DNS proxy, so configure the correct DNS server for Remote Networks (RN) users.
- For Mobile Users, this DNS server is pushed automatically by the GlobalProtect agent. For RN, it must either be configured manually on the clients or pushed to them by a DHCP server.