Read about the features in Prisma Access (GlobalProtect Cloud Services 1.3.1). Here, you can find a clear summary of the features for GlobalProtect Cloud Service, and you can watch a video that provides some additional details. Got questions? Get answers on Live Community.
Here's a short summary of the features and changes in default behavior for Prisma Access (GPCS). For full details, see the link to the Release Notes below.
Features Released in GlobalProtect Cloud Services 1.3.1
When you onboard mobile users, this release includes the ability to specify one or more regions in order to exclude deployment in all regions.
Reduced IP Address Pool Requirement for Mobile Users
You can now specify a minimum IP address pool of a /23 subnet (512 addresses) for a single region when you onboard mobile users.
Pre-defined IPSec Tunnel Configurations
GlobalProtect Cloud Service will include pre-defined IPSec tunnel profiles for some common third-party IPSec and SD-WAN devices.
Clientless VPN Portal
This GlobalProtect Cloud Service release will support Clientless VPN.
Clientless VPN Reverse Proxy for SaaS Security
GlobalProtect Cloud Service will allow you to control unsanctioned and employee-owned device access to your network and redirect device traffic to GlobalProtect Cloud Service for inspection without putting your network or data at risk. Unsanctioned device access control utilizes SAML redirection by proxy instead of directly exposing the SaaS app on your network, removing all possible vulnerabilities to data exfiltration and malware propagation.
New region Paris Available for Mobile Users, Remote Networks, and Service Connections
An additional region, Europe (Paris), will be added to the list of available regions.
Additional Bandwidth Choices for Remote Networks
To better accommodate larger networks, the additional remote network bandwidth choices of 500 Mbps or 1 Gbps will be added.
Support for Overlapping Subnet - Internet Outbound
You will be able to deploy remote network locations with overlapping subnets in the same region.
Change to Default Behavior
GlobalProtect Cloud Services will make the following changes when onboarding and selecting regions for mobile users:
New Regions tab — When you onboard mobile users, there is an extra tab, Regions, in the Panorama Cloud Services Configuration Mobile Users Configure page.
Region selection after upgrade — After you upgrade, if you want to deploy your mobile users in additional locations, select only those locations in regions for which you have IP address pools allocated.