10-03-2023 11:46 AM
Hello,
We have a service connector from Prisma to one of our VM-NGFW's in AWS. We are looking to add another corporate subnet to that service connection so staff connected to Prisma, will be able to access that subnet via GlobalProtect\Prisma.
My question is when I open the service connection, add an additional subnet to the static routes > corporate subnets, and click okay and commit\push, will there be any sort of service interruption to downstream users? Will users just need to refresh their global protect connection to get those new routes available to them over prisma?
10-09-2023 01:04 AM
internally all routing is distributed among all components (SPN & CAN) via ibgp
So, when you add a new static route to a service connection, all the other components will learn that this service connection now owns this route so routing tables are updated to reflect this. users will automatically be routed to the new route once the commit is completed
There shouldn't be any downtime unless that subnet is currently being used somewhere else (and is being accessed by merit of a default route?)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
