How is the GlobalProtect IP Pool assigned in Prisma Access
4673
Created On 10/30/22 07:31 AM - Last Modified 10/04/23 23:16 PM
Question
How is GlobalProtect IP Pool assigned in Prisma Access?
Environment
- Prisma Access Mobile Users
- GlobalProtect IP Pool
Answer
- When Prisma Access Gateways are onboarded, each Gateway will be assigned a block of /24 IP address pool and the assigned IP block stays with the gateway.
- This block of /24 IP address pool will be taken from available block to use in the regional pool first that is defined when onboarding Mobile Users.
- If the regional pool does not have available block of /24 IP address pool, GlobalProtect IP pool will be assigned from the next available pool in Worldwide pool.
Example, when onboarding Mobile Users, Prisma Access Gateways are selected on the following location,
- US West
- US Northwest
- US Central
- US Northeast
- Germany Central
- Hong Kong
On the IP pools tab, each regional and worldwide pool is defined as follow,
- North America & South America: 10.20.8.0/23
- Africa, Europe & Middle East: 10.20.10.0/23
- Asia, Australia & Japan: 10.20.12.0/23
- Worldwide: 10.20.20.0/22
Each of the gateway during onboarding will be assigned the following pool:
- US West : 10.20.8.0/24
- US Northwest: 10.20.9.0/24
- US Central: 10.20.20.0/24 >>> taken from next available block from Worldwide pool as there is no more available block under North America & South America pool
- US Northeast: 10.20.21.0/24 >>> taken from next available block from Worldwide pool as there is no more available block under North America & South America pool
- Germany Central: 10.20.10.0/24
- Hong Kong: 10.20.12.0/24