With this blog I would like to highlight how to retrieve the IP addresses for Prisma Access.
As always, those of us on the LIVEcommunity team strive to share information that will be useful to you, whether at the beginning of your journey with Palo Alto Networks or even as a long-time veteran user. Hopefully today's blog will provide you with Prisma Access knowledge that, while it may not be new to you, educates or refreshes your existing know-how. Let's jump in!
If you are manually adding the IP addresses of your Prisma Access infrastructure to an allow list in your network, or if you are using an automation script to enforce IP-based restrictions to limit inbound access to enterprise applications, you should understand what these addresses do and why you need to allow them, as well as the tasks you perform to retrieve them.
While you do not perform these tasks until after you complete your Prisma Access configuration, it is useful to understand these concepts in advance, so you understand what to do after your deployment is complete.
Mobile User Deployment: with Prisma Access for mobile users, the infrastructure is deployed for you and scales based on the number of active users and their locations
Remote Network Deployment: as you business scales and your office locations become geographically distributed, Prisma Access for networks allows you to speedily onboard your remote network locations and deliver best-in-breed security for your users.
Clean Pipe Deployment: To allow organizations that manage the IT infrastructure of other organizations, such as service providers, MSSPs, or Telcos, to quickly and easily protect outbound internet traffic for their tenants, Palo Alto Networks provides Prisma Access for Clean Pipe.
Prisma Access uses gateway and portal IP addresses in mobile user deployments. These IP addresses are known collectively as egress IP addresses. If you require these egress IP addresses before you onboard the location (for example, if your organization needs to add the egress IP addresses to allow lists to give mobile users access to external SaaS applications), you canrun an API scriptto have Prisma Access pre-allocate these IP addresses for a location ahead of time, before you onboard it. You can then add the location’s egress IP addresses to your organization’s allow lists before onboarding the location. Find out more details and follow these instructions to pre-allocate IP addresses for Mobile User Loc...
There are still keywords and parameters that are available in the legacy API scripts used with Prisma Access. these commands are superseded as of Prisma Access 1.5; however, they are still supported for when you need to obtain the loopback address, or for deployments that use them in scripts or other automated tools. More information on Legacy Scripts Used to Retrieve IP and Loopback Addresses