- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-27-2021 11:39 AM
What are the sizing guidelines for the infrastructure subnet for prisma access? I've read the below, and I know it's for services to talk to each other on the backend for prisma/use services. But what are the sizing guidelines, and what does one base this off of? It states "large number of IP address will be required" - but I have yet to find exact sizing recommendations for the deployment of this. Does everyone just use a /24 and call it good? How do you know you won't eventually run into problems with a infrastructure subnet this size, and how does these IP's get split up on prisma for use in requesting services/or talking between remote locations?
from the links:
establish a network infrastructure between your remote network locations, mobile users, and service connections to your headquarters/data center (if applicable). The IP addresses in this subnet also enable Prisma Access to determine the service routes for services such as LDAP, DNS, or SCEP, as well as enable other inter-service communication. Because a large number of IP addresses will be required to set up the infrastructure, you must use a /24 subnet (for example, 172.16.55.0/24) at a minimum.
https://live.paloaltonetworks.com/t5/prisma-access-customer-success/mobile-users/ta-p/362711
01-28-2021 12:57 AM
HI,
Infra subnet recommanded size is /24. To be honnest, they is only few info about how prisme is using this subnet. it's part of the " Prisma Internal recipe".
It's like for user subnet for mobile user, minimum size is /23 ... why. It's like that 🙂
At the end, we already deployed many infra on prisma and it works pretty well. Mabe more info in futur.
Rgds
V.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!