03-27-2023 02:11 AM - edited 03-27-2023 03:02 AM
It is possible to see the source public ip addresses that your traffic will use on the Internet that will be given to you and retrive it API script then you can use it:
The prisma access IP addresses can change after time, so see the workaround at:
Also you have the option "Enable Source NAT for Mobile Users—GlobalProtect IP pool addresses, IP addresses in the Infrastructure Subnet, or both." under a Service connection but maybe dissable that so the Data Center can see the real user ip addresses. Check this:
Prisma Acess for now can't insert XFF (X-Forwarded-For) header which will make life easier as then you can use the real ip addresses but it is what it is.
For inbound traffic you can dissable SNAT this way you will see the real client ip addresses.
As you will starting to work with Prisma Access better take the Palo Alto training as to have the needed knowedge or atleast to see the youtube training EDU-118 that is old but still you will have some basic idea:
https://www.youtube.com/results?search_query=Prisma+Access+EDU-118
https://www.youtube.com/watch?v=1mRLEEV3CwM
https://www.youtube.com/watch?v=VX9an7QMGqE
https://www.youtube.com/watch?v=VX9an7QMGqE
That is it from me 🙂
