New Features Introduced in Prisma Access 5.0


 

We've got the lowdown on Prisma Access' latest features, plus some tips on upgrades and changes to how things work compared to the older Prisma Access releases. Dive in and stay in the know!

 

We've got two flavors of Prisma Access 5.0 for you:

 

  • 5.0 Preferred rolls with a PAN-OS dataplane version earlier than 10.2.8. No need for a dataplane upgrade if you're currently rocking Prisma Access 4.0, 4.1, or 4.2.
  • 5.0 Innovation is the one to watch out for—it runs on the upcoming PAN-OS 10.2.8 dataplane and unleashes all the cool features that come with it. Exciting stuff!

 

To fully enjoy the latest features in Prisma Access 5.0 Innovation, it's recommended to first upgrade your Prisma Access deployment to the specified version(s) before installing the plugin. Keep in mind that the Prisma Access 5.0 release shares the same minimum requirements as Prisma Access 4.0. Additionally, for access to all features, ensure your dataplane is upgraded to 10.2.8, a prerequisite for Prisma Access 5.0 Innovation.

 

  • Prisma Access Version: 5.0
  • Cloud Services Plugin Version: 5.0
  • Required Dataplane Version for 5.0 Innovation: PAN-OS 10.2.8 (required to unlock 5.0 Innovation features)
  • Recommended GlobalProtect Version:
    • 5.2.13+ (this GlobalProtect version is End-Of-Life on February 28, 2024)
    • 6.0.7+
    • 6.1.3+ (coming soon). 6.1.3 is the minimum version for new customers to take advantage of IP Optimization
    • 6.2.1+
  • Recommended Panorama Version:
    • 10.1.8+
    • 10.2.4+
    • 11.0.1+
    • 11.1.0 (coming soon)

 

To make the most of Prisma Access 5.0 features, you'll need to have one or more of the following components:

 

  • Infrastructure Upgrade: The infrastructure of Prisma Access involves the service backend, orchestration, and monitoring infrastructure. Prisma Access ensures an infrastructure upgrade precedes the general availability (GA) of any Prisma Access version.
    Once upgraded, features that solely depend on an infrastructure upgrade become active across all Prisma Access deployments, regardless of their specific versions, right at the moment of the infrastructure upgrade.

  • Plugin Upgrade (Only for Prisma Access Panorama Managed Deployments): When you install the plugin you'll unleash the new features that come with that specific release. Simply download and install the plugin on the Panorama that manages Prisma Access, and you're ready to roll with the enhanced functionalities!

  • Dataplane Upgrade: The dataplane conducts traffic inspection and enforces security policies on your network and user traffic.

    For Prisma Access deployments managed by Panorama, checking your dataplane version is a breeze. Just head to Panorama > Cloud Services > Configuration > Service Setup and take a peek at the Prisma Access Version. Prisma Access 5.0 Innovation runs PAN-OS 10.2.8.

    NOTE: Upgrading to the 5.0 Innovation dataplane is entirely at your discretion. It is only needed if you're itching to tap into those cool features that come with the dataplane upgrade. Regarding the minimum Panorama and GlobalProtect versions, the Prisma Access 5.0 release aligns with the same versions as Prisma Access 4.0.

 

These features are activated with the infrastructure upgrade:

 

  • Support for Cortex Data Lake Switzerland Region

 

The following features require infrastructure and plugin upgrade (No dataplane upgrade needed):

 

  • Service Connection Identity Redistribution Management
  • BGP MRAI Configuration Support
  • ZTNA Connector Enhancements
  • Enhanced IoT Policy Recommendation Workflow for Strata Cloud Manager
  • Integrate Prisma Access with Microsoft Defender for Cloud Apps (minimum 10.2.4 dataplane required)

 

The following features need infrastructure, plugin, and dataplane upgrade (Triple Play!):

 

  • App Acceleration in Prisma Access
  • Remote Browser Isolation
  • Traffic Replication Remote Network and Strata Cloud Manager Support
  • Maximum of 500 Remote Networks Per Termination Node for 1 Gbps Remote Networks
  • Enhanced SaaS Tenants Control

 

The following features will be generally available with Prisma Access 5.0:

 

  • App Acceleration in Prisma Access (5.0 Innovation Feature) - Weakened wireless connections, network traffic jams, or other sneaky culprits can make it feel like things are moving at a snail's pace. These hiccups can seriously cramp your team's style, putting a dent in their productivity.

    Enter App Acceleration, swooping in like a tech superhero. It fixes the app-speed blues and does it in real-time, cranking up the speed while keeping your security A-game strong. The result? A turbocharged user experience for Prisma Access GlobalProtect and Remote Network users.

  • Remote Browser Isolation (5.0 Innovation Feature) - In the ever-changing landscape of online threats, browsers and web-based attacks are constantly morphing and throwing new challenges at enterprises. Web browsers are doors through which malware sneaks into networks, posing a real headache for security teams. It's a game of cat and mouse, and the need to shield networks and devices from these sneak attacks is more crucial than ever.
    Remote Browser Isolation (RBI) steps in like a superhero cape for your users' local browsers. It creates this fortress-like environment, where zero-day web threats just bounce off the walls—no chance for malicious website code or files to wreak havoc on your users' browsers or devices.

  • Service Connection Identity Redistribution Management - This feature lets you handpick the service connections you want in on the identity redistribution action.

    By default, it's a bit like a "grab whatever's closest" scenario for identity redistribution among all your service connections. But you might not always know which ones are in the spotlight at any given moment. With a bunch of service connections and User-ID agents in the mix, this method can put your system resources to the test.
    Now, you get to play director and choose exactly which service connections take the stage for identity redistribution.

  • Traffic Replication Remote Network and Strata Cloud Manager Support (5.0 Innovation Feature) - Now, not only do you get a copy of the traffic from your mobile users, but with traffic replication you also get it from your branches. This feature maintains a consistent way of capturing traffic for a clear view of all scenarios. No need for a major overhaul either – we're seamlessly sharing the remote network traffic copy from the same storage buckets as your mobile users.
    You're in control. Decide whether Traffic Replication should be on for mobile users, remote networks, or both. It's like having a traffic remote, customized just the way you like it.

  • ZTNA Connector Enhancements - The ZTNA Connector is about to step up its game with some fantastic enhancements:
    • Applications based on wildcards and IP subnets - In addition to adding applications based on FQDNs you can now roll with FQDN wildcards and IP subnets.
    • Additional Diagnostic Tools - Explore additional diagnostic tools that go beyond the existing ones for ZTNA Connector. Tools such as Dump Overview, Packet Captures and Tech Support are designed to make troubleshooting ZTNA Connector issues a breeze!
    • FQDN DNS Resolution to Multiple IP Addresses - If an application's FQDN leads to multiple private IP addresses, our ZTNA connector takes charge and conducts an application probe, checking the status of all those IP addresses. The magic happens as it skillfully load balances the FQDN access, directing you to multiple resolved IP addresses with an "Up" application status.

  • BGP MRAI Configuration Support - BGP routing provides a tool known as the Minimum Route Advertisement Interval (MRAI) to customize network convergence. MRAI functions by restricting updates on a per-destination basis. BGP routers adhere to the configured MRAI time before transmitting an advertisement for the same prefix. Choosing a smaller value accelerates convergence but increases advertisement volume, while a larger value reduces advertisements but slows convergence.

  • Support for Cortex Data Lake Switzerland Region.

  • Cloud Managed Support for Prisma Access China - With the addition of Cloud Managed Prisma Access, you're in control. Choose between Cloud Managed or Panorama Managed Prisma Access to steer your China deployment. Harness the power of Strata Cloud Manager to effortlessly oversee your network security infrastructure, all from a sleek and unified user interface.
    Onboard branches and mobile users in a snap with task-driven workflows, setting up and testing your environment within minutes. Strata Cloud Manager simplifies onboarding by providing predefined internet access and decryption policy rules based on best practices.
    Setting up IPSec tunnels and enabling SSL decryption becomes easy as pie thanks to default configurations for common devices and recommended URL categories.
    Cloud-managed deployments grant you access to the Prisma SASE Multitenant Portal where you can tap into Common Services for multiple tenants, managing subscriptions, tenants, and identity and access with ease.

  • Integrate Prisma Access with Microsoft Defender for Cloud Apps - Elevate your security game by seamlessly blending Prisma Access with Microsoft Defender for Cloud Apps to get a synchronized approach that identifies and automatically blocks unsanctioned applications in real-time.
    Once integrated, Prisma Access takes the lead in creating a security policy that puts the brakes on URLs flagged by Microsoft Defender for Cloud Apps.
    This integration opens up a window into the world of cloud applications and shadow IT, giving you the power to spot them. Plus, say goodbye to unsanctioned applications with closed-loop remediation.

  • Maximum of 500 Remote Networks Per Termination Node for 1 Gbps Remote Networks (5.0 Innovation Feature) - We're upping the ante on the maximum number of 1 Gbps remote networks you can assign per IPSec termination node. The limit is getting a boost from 400 to 500! To make this happen, make sure you allocate a minimum of 501 Mbps for the compute locations linked to the IPSec termination nodes.

  • Enhanced SaaS Tenants Control (5.0 Innovation Feature) - You have the power to finely tune and apply specific policies tailored to individual tenants across a wide range of SaaS applications, such as GitHub or Bitbucket. You can explore the comprehensive list of supported apps at https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-inline/remediate-r....
    With this feature you can implement scenarios where you may want to permit all actions (like uploads and downloads) for a corporate GitHub account while restricting uploads for a partner instance of the same GitHub SaaS application.

  • Enhanced IoT Policy Recommendation Workflow for Strata Cloud Manager - IoT adoption comes with sneaky cyber threats and we need to be smart about it with policy recommendations that protect your organization's devices with least privilege Zero Trust policies. With Strata Cloud Manager to set up Prisma Access you've got access to IoT policy recommendation workflows.
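
The MRAI trade-off described in the BGP MRAI Configuration Support item above can be seen by replaying a flapping route through a per-prefix timer. This is an added example, not Palo Alto Networks code or Prisma Access configuration; it assumes a single prefix, a single peer and no timer jitter, and the event times and interval values are constructed, not product defaults.

```python
def simulate_mrai(changes, mrai):
    """Replay best-path changes for one prefix through an MRAI timer.

    changes: list of (time_s, best_path), sorted by time (constructed input).
    mrai:    minimum seconds between two advertisements of the same prefix.
    Returns (advertisements_sent, seconds_from_last_change_to_final_advert).
    """
    sent = []        # (time_s, path) advertisements that actually went out
    pending = None   # newest path held back while the timer is running

    def advertise(at, path):
        # Only a path that differs from the last advertised one is sent.
        if not sent or sent[-1][1] != path:
            sent.append((at, path))

    for t, path in changes:
        # Timer expired before this change: flush the held update first.
        if pending is not None and sent[-1][0] + mrai <= t:
            advertise(sent[-1][0] + mrai, pending)
            pending = None
        if not sent or t - sent[-1][0] >= mrai:
            advertise(t, path)      # timer idle: send immediately
            pending = None
        else:
            pending = path          # timer running: keep only the newest path
    if pending is not None:
        advertise(sent[-1][0] + mrai, pending)
    return len(sent), max(0, sent[-1][0] - changes[-1][0])


# Constructed sample: a route flaps between two paths, then settles on a third.
CHANGES = [(0, "path-A"), (2, "path-B"), (4, "path-A"), (6, "path-B"), (8, "path-C")]

if __name__ == "__main__":
    for interval in (0, 5, 30):     # illustrative values only
        count, delay = simulate_mrai(CHANGES, interval)
        print(f"MRAI={interval:>2}s  advertisements={count}  final-state delay={delay}s")
```

With this input, a larger interval absorbs the intermediate flaps into fewer advertisements, and peers learn the final path later.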

Feel free to share your questions, comments and ideas in the section below.

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 
