05-12-2025 07:42 PM
Hello
I would like to know the upper limits for tunnel settings in the GlobalProtect app in PrismaAccess.
① Upper limit for tunnel settings profiles
② Upper limit for IP address matches
③ Upper limit for routes to exclude
The background is that we plan to use GP with PrismaAccess at 30 companies with over 100 locations, and we would like to route as much traffic as possible through Prisma. * We will also set up MU and VPN within the company.
Thank you.
05-13-2025 12:23 AM
Hi @H.Tsuboi ,
The firewall can handle up to 100 excluded routes in a split tunnel setup. But if you're using GlobalProtect app version 4.1 or newer, you can have up to 200 excluded routes instead.
Prisma Access allows for the creation of up to 10,000 IP address pools per tenant. Each pool can be linked with specific match criteria such as user ID, user group, or location group.
As for the maximum number of tunnel settings profiles... I was unable to find the exact number in the documentation. That being said, as mentioned, Prisma Access supports up to 10,000 IP address pool profiles per tenant and each profile can contain up to 10 IP prefixes and support up to 256 users.
This provides some insight into the scalability of IP address assignments but I would recommended reaching out to TAC for precise limits on tunnel settings profiles.
Kind regards,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
