https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-routing-between-tenants/m-p/520317#M427 <P>Hello to All,</P> <P>&nbsp;</P> <P>After reading much about this I am starting to think that internal routing between the Prisma Access tenants is not possible and the traffic should be send with Traffic Steering to a router that is on-prem and connected to the two tenants or use <SPAN><EM>use a dedicated service connection</EM></SPAN> with the traffic stearing but then the two tenants will talk with one another through the external Prisma Access public Ip addresses and not the internal ones.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-advanced-deployments/service-connection-advanced-deployments/use-traffic-forwarding-rules-with-service-connections" target="_blank">https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-advanced-deployments/service-connection-advanced-deployments/use-traffic-forwarding-rules-with-service-connections</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I could be wrong but this seems the only way but this is a little limiting as for example to stop SIP ALG function of the SIP application is done with per device group and for a prisma access only one device group is used so this can't be stopped for a&nbsp; just single Remote Network connection.</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK</A></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/disable-the-sip-application-level-gateway-alg" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/disable-the-sip-application-level-gateway-alg</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 04 Nov 2022 13:10:07 GMT nikoolayy1 2022-11-04T13:10:07Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-routing-between-tenants/m-p/520317#M427 <P>Hello to All,</P> <P>&nbsp;</P> <P>After reading much about this I am starting to think that internal routing between the Prisma Access tenants is not possible and the traffic should be send with Traffic Steering to a router that is on-prem and connected to the two tenants or use <SPAN><EM>use a dedicated service connection</EM></SPAN> with the traffic stearing but then the two tenants will talk with one another through the external Prisma Access public Ip addresses and not the internal ones.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-advanced-deployments/service-connection-advanced-deployments/use-traffic-forwarding-rules-with-service-connections" target="_blank">https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-advanced-deployments/service-connection-advanced-deployments/use-traffic-forwarding-rules-with-service-connections</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I could be wrong but this seems the only way but this is a little limiting as for example to stop SIP ALG function of the SIP application is done with per device group and for a prisma access only one device group is used so this can't be stopped for a&nbsp; just single Remote Network connection.</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK</A></P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/disable-the-sip-application-level-gateway-alg" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/disable-the-sip-application-level-gateway-alg</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 04 Nov 2022 13:10:07 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-routing-between-tenants/m-p/520317#M427 nikoolayy1 2022-11-04T13:10:07Z