Palo Alto Networks released Prisma Access 1.5 (formerly GPCS – GlobalProtect Cloud Service) and it comes with new features and changes to behavior. Read more about how Prisma Access 1.5 can help you keep your cloud secure.
Let's start off with the new features. As you can see in the list below, there are many new features that have been added, including PAN-OS 9.0 feature support, API command enhancements, and Custom URL enhancements.
|
FEATURE
|
DESCRIPTION
|
|---|---|
|
PAN-OS 9.0 feature support
|
This release offers support for PAN-OS 9.0, which includes the following new features and enhancements:
Note that the following PAN-OS 9.0 features are not supported:
|
|
Route preferences and preferred backup for service connections
|
In addition to Prisma Access’ default routing for service connections, Prisma Access allows a new choice,
Hot potato routing, which changes the way routes are imported and advertised to and from Prisma Access, so traffic destined to service connections (e.g., HQ or data center traffic) exits the Prisma Access network as quickly as possible.
In addition, to help ensure routing symmetry in the event of a link failure, you can choose a preferred service connection to use as a backup if a link to a service connection fails (Backup SC).
|
|
ECMP load balancing for remote network connections
|
To provide additional network resiliency using redundant instances of your Customer Premises Equipment (CPE), Prisma Access allows you to add up to four IPSec tunnels for a single remote network.
|
|
BGP default route support for remote network connections
|
Prisma Access can advertise a default route for remote network connections using BGP. You can then use this route in your organization’s network to direct traffic to Prisma Access.
|
|
API command enhancements
|
Prisma Access adds improvements to the commands you use to retrieve the public IP addresses (the source IP addresses that Prisma Access uses for requests to an internet-based source).
The API command has the following enhancements for mobile user deployments:
|
|
Custom URL category enhancements
|
You can specify up to 2,000 wild card (*.example.com) URLs, including those specified in custom URL categories, which is an increase from 500, when you use traffic forwarding rules with service connections.
|
|
Redistribute HIP information
|
To ensure consistent Host Information Profile (HIP) policy enforcement and to simplify policy management, you can redistribute HIP information received from mobile users and users at remote networks that use the GlobalProtect app from Prisma Access to other gateways, firewalls, and Panorama appliances in your enterprise, including the Panorama that manages Prisma Access.
|
|
View HIP reports from Panorama
|
After you configure Prisma Access to redistribute HIP information to Panorama. Then you can then view an HIP report from Panorama.
|
* - Information adopted from the Prisma Access release notes also available in TechDocs.
The following section details the changes in default behavior after you upgrade to Prisma Access 1.5.**
|
COMPONENT
|
CHANGE
|
|---|---|
|
Mobile user IP pools will advertise extended BGP community strings
|
When Prisma Access advertises IP pools for mobile users, it also advertises an extended BGP community string that contains both the Prisma Access Autonomous System (AS) Number and the ID of the service connection to which the mobile user's location is connected.
|
|
Minimum Panorama version requirements for Prisma Access 1.5
|
In order to use Prisma Access 1.5, you must upgrade your Panorama to a minimum version of 9.0.3-h3 (9.0.4 recommended) before installing the Cloud Services plugin to 1.5.
NOTE: The Cloud Services plugin 1.5 and later require a minimum Panorama version of 9.0.3-h3. If your Panorama is running 8.1, any attempt to download the 1.5 plugin from the software downloads page on the Palo Alto Networks Customer Support Portal and manually upload the plugin on Panorama 8.1 will result in an unsupported configuration and data loss.
See Minimum Panorama of 9.0.3-h3 Required for Prisma Access 1.5 for details.
|
|
API changes
|
We’ve created a new set of API scripts to allow you to quickly and easily retrieve the IP addresses that you need to whitelist in your organization’s network. The existing commands will still work and are still available; however, the improved functionality will be in the newer commands.
|
Minimum Panorama of 9.0.3-h3 Required for Prisma Access 1.5
|
MINIMUM PANORAMA VERSION REQUIRED FOR PRISMA ACCESS 1.5
|
RECOMMENDED VERSION TO USE WITH PRISMA ACCESS 1.5
|
|---|---|
|
9.0.3-h3
|
9.0.4
If you use the trial version of Data Loss Prevention (DLP) with Prisma Access, 9.0.4 is required.
|
** - Information adopted from the Changes to Default Behavior also available in TechDocs.
For more information about all the features added in Prisma Access 1.5 and all the previous versions, latest releases, upgrades, and installation information, please see the Prisma Access Release Notes.
Prisma Access Administrator’s Guide
Please see the Prisma Access Administrator’s Guide for details on how to configure and use Prisma Access.
Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 5 Likes | |
| 3 Likes | |
| 3 Likes | |
| 3 Likes | |
| 3 Likes |
| User | Likes Count |
|---|---|
| 13 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
