05-29-2025 09:38 PM
For RN and SC, the IP address assigned from the service infrastructure IP is set as the loopback address, but
when IP Optimization is enabled, will the MU-SPN have an IP address assigned from the service infrastructure IP?
If so, is there a way to check that IP address using an API or something?
06-03-2025 11:58 AM
@y.saitou wrote:
For RN and SC, the IP address assigned from the service infrastructure IP is set as the loopback address, but
when IP Optimization is enabled, will the MU-SPN have an IP address assigned from the service infrastructure IP?
If so, is there a way to check that IP address using an API or something?
Hello @y.saitou , Yes, when IP Optimization is enabled in Prisma Access, the Mobile User Security Processing Node (MU-SPN) may receive an IP address assigned from the service infrastructure IP pool. This optimization helps reduce the number of IP addresses required for deployment while improving resiliency and simplifying allow-listing workflows. To check the assigned IP address using an API, you can retrieve Prisma Access IP addresses through the API. Specifically, you need to query the serviceType for gp_gateway and gp_portal to get the egress IP addresses used by Prisma Access. Also, querying the addrType for network_load_balancer will provide ingress IP addresses that may be relevant for your deployment. For more details on retrieving Prisma Access IP addresses via API, you can refer to the official documentation: https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-setup/retrieve-ip-addre....
I hope you find this helpful.
06-03-2025 11:58 AM
@y.saitou wrote:
For RN and SC, the IP address assigned from the service infrastructure IP is set as the loopback address, but
when IP Optimization is enabled, will the MU-SPN have an IP address assigned from the service infrastructure IP?
If so, is there a way to check that IP address using an API or something?
Hello @y.saitou , Yes, when IP Optimization is enabled in Prisma Access, the Mobile User Security Processing Node (MU-SPN) may receive an IP address assigned from the service infrastructure IP pool. This optimization helps reduce the number of IP addresses required for deployment while improving resiliency and simplifying allow-listing workflows. To check the assigned IP address using an API, you can retrieve Prisma Access IP addresses through the API. Specifically, you need to query the serviceType for gp_gateway and gp_portal to get the egress IP addresses used by Prisma Access. Also, querying the addrType for network_load_balancer will provide ingress IP addresses that may be relevant for your deployment. For more details on retrieving Prisma Access IP addresses via API, you can refer to the official documentation: https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-setup/retrieve-ip-addre....
I hope you find this helpful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
