This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Total consumption of licenses allowed for Prisma Access Global Protect

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Total consumption of licenses allowed for Prisma Access Global Protect

Marcelo_Campos
L1 Bithead

‎05-10-2023 04:50 PM

Hello everyone,

Today one of our clients informed us that at a certain time of the day, users connected to the Globalprotect Prisma Access vpn began to suffer random disconnections.

The service is Prisma Panorama Managed, we began to discard the system logs and the service route from on-premises to the cloud services, without finding logs of disconnection or restart of the ipsec tunnel.

The only traceable thing about the review was to show a peak consumption of licenses for today.

According to the above I have 2 queries

First, it is possible that at that specific time the cloud service had some downtime or maintenance window (how can I verify this?)

Second, when the license limit is reached, does Prisma access allow you to continue associating/connecting users via gp? or start to revoke and/or reuse licenses?

The problem was fixed without intervention when the load of connected users dropped.

please your help thanks in advance.

 

Prisma Access #prisma

Prisma Access
Thumbnail of Prisma Access
Palo Alto Networks
Prisma Access
Secure Access Service Edge
View on Product Page
0 Likes Likes
1 REPLY 1

Haris_Chughtai
L0 Member

‎02-04-2025 08:21 AM

There could be many reasons for random disconnect like back-end infra maintenance or the load on the SPN nodes. In our case when we noticed sudden drops, upon investigation it was identified that few SPNs were having more connections than others. We enabled hot-potato routing  and added more Service Connections. As per PAN best practices guidelines, there should be one service connection per 5000 users. Though in my view we can surely have more user connections but in that case capacity must be watched closely for any potential issues.

 

Regarding when the licences are reached the capacity, as per the documentation, when it occurs consistently for three months,  Prisma Access will allow users continue to connect however it will generate alarm notification to purchase more licences. There is no mention that service will stop working. 

0 Likes Likes
  • 1323 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks