03-24-2023 10:35 AM
Some of our partners or vendors require us to specify a source IP address in order to be able to access their systems on the public Internet. Currently we just make their destination part of our split tunnel destination to our data center PANs and then the traffic takes on that source network IP. Is the same possible when you are using Prisma Access?
03-27-2023 02:11 AM - edited 03-27-2023 03:02 AM
It is possible to see the source public IP addresses that your traffic will use on the Internet; they will be given to you, and you can retrieve them with an API script and then use them:
The Prisma Access IP addresses can change over time, so see the workaround at:
Also, you have the option "Enable Source NAT for Mobile Users—GlobalProtect IP pool addresses, IP addresses in the Infrastructure Subnet, or both." under a Service Connection, but maybe disable that so the Data Center can see the real user IP addresses. Check this:
Prisma Access for now can't insert the XFF (X-Forwarded-For) header, which would make life easier as then you could use the real IP addresses, but it is what it is.
For inbound traffic you can disable SNAT; this way you will see the real client IP addresses.
As you will be starting to work with Prisma Access, better take the Palo Alto training to have the needed knowledge, or at least watch the YouTube training EDU-118, which is old but will still give you some basic idea:
https://www.youtube.com/results?search_query=Prisma+Access+EDU-118
https://www.youtube.com/watch?v=1mRLEEV3CwM
https://www.youtube.com/watch?v=VX9an7QMGqE
That is it from me 🙂