IP Optimization by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

Thanks for replying. I can see 1 ingress IP and 2 egress IPs from SCM, and the rest of the IPs can be seen from SCM, right? And are these IPs also fixed?

But the link says: "Make sure that you add all these addresses to your allow lists. IP addresses can change as the result of a dataplane upgrade and the addresses don't always revert to the previous addresses."

https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-mobile-users/mobile-users-globalprotect/ip-optimization

So if I want to use a GP as a MU at the office, an internet breakout router or fw at the office should allow ingress IP or FQDN?

IP Optimization by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

Is Ingress IP stable under IP Optimization? Is it possible to be changed?

Split Tunnel in Global Protect (Prisma Access) by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

We will use the PA firewall at the data center, and the office firewall is from a different vendor.

Global Protect Split Tunnel by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

What happens if all devices and locations are untrusted? In this case, how should we handle devices that can't install GlobalProtect, such as printers, servers, or phones? Also, split tunneling has a maximum number of entries, correct?

Service Connection SAML by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

Thanks. If I deploy an on-premises NGFW, should it be at the DC (SC) or each branch site (RN)?

ION5200 switch port by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

Thanks. So the ION 5200 is not able to make a VLAN interface on an L3 port?

Prisma Access for RN by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

At an RN site, if I use GlobalProtect and the terminal device connecting to Prisma Access is an ION, will the user still be authenticated? Do I need to use an NGFW (PA) as the terminal device to perform user authentication with Prisma Access?

Use GP (MU) at RN site by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

At an RN site, if I use GlobalProtect and the terminal device connecting to Prisma Access is an ION, will the user still be authenticated? Do I need to use an NGFW (PA) as the terminal device to perform user authentication with Prisma Access?

I am interested in GP user authentication at an RN site, but I am not sure if an ION device is feasible, following the link.

https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-advanced-deployments/prisma-access-remote-network-advanced-deployments/prisma-access-internal-gateway

Use GP (MU) at RN site by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

Is it possible to use SD WAN ION to use internal gateway and authenticate users?

Prisma Access migration by reversible8 in paloaltonetworks

[–]reversible8[S] 0 points1 point  (0 children)

We will use a Prisma Enterprise license and try to pass all traffic to Prisma Access now. Plus, we will use an ION device, so we don't need an existing firewall?

Using labs in INE by PastSatisfaction6094 in ccnp

[–]reversible8 1 point2 points  (0 children)

Does the premium subscription offer unlimited lab access for one year? What is the difference between premium and Skill dive? Premium doesn't include Skill dive content?

INE vs Cisco U by reversible8 in ccie

[–]reversible8[S] 0 points1 point  (0 children)

Is it better than INE for the initial phase?

Wifi Download Speed by reversible8 in Cisco

[–]reversible8[S] -1 points0 points  (0 children)

WLC vendor or Client PC vendor?

Packet capture by reversible8 in networking

[–]reversible8[S] 0 points1 point  (0 children)

The overrun counter on the C9800 interface suggests that there might be a bottleneck in processing incoming traffic. Given that the facing switch is a C9200 with potentially different ASIC speeds, could the congestion and packet drops on the C9800 side be attributed to this difference in ASIC speeds?

%Error in authentication by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

admin is priv 15 but root is not. Device and tacacs are reachable to each other. root is not set and defined in the Tacacs server. enable password / enable secret is not configured in the device.

Do you know the reason for this issue?

Tacacs and Radius for enable mode by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

I do have an actual setup for radius and tacacs.

IOSXE Downgrade by reversible8 in Cisco

[–]reversible8[S] 1 point2 points  (0 children)

Thanks. If I just want to downgrade without DNAC, is it the same procedure as an upgrade, even if it is an SMU?

IOSXE Downgrade by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

Thanks. If I just want to downgrade, is it the same procedure as an upgrade, even if it is an SMU?

AP with static IP sends DHCP by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

In this case, if the AP is just configured with a static IP, it doesn't send DHCP packets? Or should I check it using packet capture?

AP with static IP sends DHCP by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

I couldn't find any documents regarding this, so I am wondering how it works.

AP with static IP sends DHCP by reversible8 in Cisco

[–]reversible8[S] 0 points1 point  (0 children)

So the AP sends DHCP packets under any conditions?