https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/530557#M109482 <P>yes - i am using Prisma access via Global Protect to connect from home for remote access.&nbsp; I am using LDAP.&nbsp; I have created a domain controller in the cloud and the Azure connection where it is hosted in the cloud has a site to site with my work Palo Alto fw.&nbsp; Is their a way i can connect from prisma direct to the Azure cloud connection without tromboning into my network. ie is their some sort of prisma express route into azure&nbsp;</P> Thu, 09 Feb 2023 21:50:24 GMT ohareka 2023-02-09T21:50:24Z https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/529926#M109368 <P>Hello,</P> <P>I connect from home via Prisma to on-prem.&nbsp; I have a few domain controllers setup for pre-logon etc.</P> <P>- what if my domain controllers were all offline or the firewall was offline</P> <P>- can i have a domain controller in Azure&nbsp;</P> <P>I have setup a site to site VPN from Azure to my firewall and can copy data across but dont know yet how to get my Prisma IP range to talk to it.</P> <P>&nbsp;</P> <P>Should i be concerned about tromboning (latency) if i did get the Prisma clients talking to Azure</P> <P>or should i be looking at something that allows Prisma to talk direct to Azure&nbsp;</P> <P>&nbsp;</P> <P>any links to documents are welcome&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>thanks&nbsp;</P> Sun, 05 Feb 2023 20:23:56 GMT https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/529926#M109368 ohareka 2023-02-05T20:23:56Z https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/530301#M109438 <P>I assume you're talking about prims access?</P> <P>Are you currently using LDAP for authentication? If the SC connection is broken, or the ADs were to crash you will no longer be able to logon.</P> <P>You could consider switching to SAML which should be a little more resilient to failure (and as additional redundancy you could consider setting up a secondary portal, new feature in plugin 3.2.1, to still have LDAP available in case the SAML IdP were to die).&nbsp;</P> <P>&nbsp;</P> <P>You can set up an SC to your azure environment but ADS doesn't work with LDAP authentication so you'd need to switch to SAML anyway</P> Wed, 08 Feb 2023 12:21:55 GMT https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/530301#M109438 reaper 2023-02-08T12:21:55Z https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/530557#M109482 <P>yes - i am using Prisma access via Global Protect to connect from home for remote access.&nbsp; I am using LDAP.&nbsp; I have created a domain controller in the cloud and the Azure connection where it is hosted in the cloud has a site to site with my work Palo Alto fw.&nbsp; Is their a way i can connect from prisma direct to the Azure cloud connection without tromboning into my network. ie is their some sort of prisma express route into azure&nbsp;</P> Thu, 09 Feb 2023 21:50:24 GMT https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/530557#M109482 ohareka 2023-02-09T21:50:24Z https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/541513#M110991 <P>Also except SAML with the cloud identity engine SCIM is also an option and for on-prem AD the CIE has an agent:</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/choose-directory-type/configure-an-on-premises-directory" target="_blank">https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/choose-directory-type/configure-an-on-premises-directory</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/choose-directory-type/configure-a-cloud-based-directory" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/choose-directory-type/configure-a-cloud-based-directory</A></P> Tue, 09 May 2023 07:31:14 GMT https://live.paloaltonetworks.com/t5/general-topics/prisma-direct-access-to-azure/m-p/541513#M110991 nikoolayy1 2023-05-09T07:31:14Z