Prisma Access commit fails with error "The Prisma Access infrastructure team is looking into the commit issue. Go to the Prisma Access Dashboard for real-time status information" When reducing mobile user IP pool.
5805
Created On 04/08/23 03:11 AM - Last Modified 12/08/23 03:11 AM
Symptom
- Reduce or modify the mobile user IP Pool
- Now commit fails with a generic error "The Prisma Access infrastructure team is looking into the commit issue. Go to the Prisma Access Dashboard for real-time status information."
- Changing the mobile user IP pool back to the old value fixes the issue
- Example: Changing mobile user IP pool from 192.168.0.0/22 to 192.168.0.0/23 causes failure.
Environment
- Prisma Access mobile users.
- IP Pool for mobile Users
Cause
- The number of mobile user locations enabled determines if an IP Pool can be used or not.
- Each mobile user location/SPN (Security process node) will need minimum of one /24 IP pool by design.
- In this scenario there are 4 mobile user compute locations enabled, hence using 192.168.0.0/23 fails as this provides only 2 pools whereas minimum of 4 are required.
Resolution
- Change the mobile user IP pools to be minimum /22 subnet based on the number of enabled locations.
- Alternatively, delete 2 of the mobile user locations which will free 2 /24 subnets/pools and allow the reduction of mobile user IP pool to /23 (which contains 2 /24 subnets)
Additional Information
Setup GlobalProtect for Mobile Users
IP Pools for GlobalProtect Moble Users Deployment