What's New in Prisma Access 4.0?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Community Team Member
kiwi_1-1680082415352.png

 

 

Palo Alto Networks is once again raising the bar in cloud-delivered security with the availability of Prisma Access 4.0, the industry’s only ZTNA 2.0 security solution delivered in a simple unified product. In this latest release, we are yet again strengthening our market-leading ZTNA 2.0 security with the following new features and enhancements:

 

Prisma Access 4.0: Application and User Security

 

    • Traffic Replication support enables deeper forensic analysis
    • Advanced WF support in Prisma Access
    • Enhanced IoT Security efficacy in Prisma SASE
    • SaaS Phishing Attack Protection
    • Third Party Device-ID support allows customers to enforce policies for devices discovered using 3rd party IoT vendors.

 

Prisma Access 4.0 User Experience

 

    • Improved activation and user driven licensing workflows
    • Support 15K Remote Sites Per Tenant
  • User and Branch Connectivity
    • GP Agent support for Explicit Proxy 
    • ZTNA Connector enables onboarding of private apps (including apps in overlapped networks) to Prisma Access 
    • End-to-End IPv6 connectivity  
  • Regulatory Compliance and Geographic Availability
    • Additional Prisma Access Locations Guatemala, Latvia, Ghana, Uganda, Senegal, Kazakhstan
    • New Prisma Access Compute regions in Poland, Salt Lake City, Sweden*, UAE*
    • AWS Local Zone Support (regions): Chicago, Miami, Perth
    • Prisma Access China

 

When will Prisma Access 4.0 features and capabilities be available?

 

The GA date for Prisma Access 4.0 is April 2023. Please check https://status.paloaltonetworks.com/ for up-to-date product release information.

 

Is there a Preferred and Innovation Release for Prisma Access 4.0 ?

 

Prisma Access 4.0 is only available as a preferred release

 

Should all customers upgrade to 4.0?

 

We recommend all customers migrate to Prisma Access 4.0 to leverage the latest Prisma Access capabilities.

 

What are the Minimum Requirements needed for a PA 4.0 upgrade?

 

After the first quarter of calendar year 2023, Palo Alto Networks will release a new Cloud Services plugin for Panorama Managed Prisma Access (tentatively known as Prisma Access 4.0). The 4.0 release will encompass the PAN-OS 10.2 dataplane and will support the features listed later in this article.

  

In order to provide you with the new and innovative PAN-OS 10.2 features to keep your network and applications secure, Prisma Access 4.0 requires that you upgrade your Panorama to the following minimum version before installing the plugin:

 

Prisma Access Version

Minimum Required Panorama Version

4.0

11.0

10.2.3
10.1.7

 

This requirement is in line with the recent efforts to provide a consistent security posture, improved stability, and enhanced administrative experience across all Palo Alto Networks products and services. If you are currently running a Preferred release, Prisma Access 4.0 will include a dataplane upgrade, which allows you to take advantage of PAN-OS 10.2 features and use the most up-to-date security features that are offered with Prisma Access, including the following features:

 

Management Features:

Policy Features:

Content Inspection Features:

Decryption Features:

URL Filtering Features:

Enterprise Data Loss Prevention Features:

 

Pricing and Packaging

 

Can customers upgrade from Business or Business Premium to Enterprise Edition?

The ability to upgrade to a higher edition is targeted for Q1 FY 23.

 

Can customers renew Prisma Access?

Yes, renewals are supported, however performing an amend and renewal at the same time is not supported yet

 

What are the capabilities introduced in Prisma Access 4.0 ?

 

  • Application and User Security
    • Traffic Replication support enables deeper forensic analysis
      • Prisma Access Traffic Replication allows organizations to replicate traffic across from any application within the SASE environment to an external cloud-based service for forensic analysis, breach impact evaluation, meeting compliance requirements and perform application performance
    • Advanced WF support in Prisma Access
      • We are launching a new cloud-delivered security service called Advanced Security with Prisma Access 3.2. Similar to our other subscriptions, such as Threat Prevention, WildFire and DNS Security, this new service is delivered via the cloud and turned on and managed through Prisma Access.
    • Enhanced IoT Security efficacy in Prisma SASE
      • In Prisma SASE deployments, the on-prem SDWAN will enhance the visibility into the local traffic in the branch (eg: DHCP, ARP). This will increase the IoT Inventory accuracy which results in enhanced IoT N/S security policies.
    • SaaS Phishing Attack Protection with Advanced URL Filtering
    • Third Party Device-ID support allows customers to enforce policies for devices discovered using 3rd party IoT vendors.
  • User Experience
    • Support 15K Remote Sites Per Tenant
      • With 4.0, we are introducing Onboard and Manage up to 15,000 Remote Networks per tenant , Scalable Management Interface without compromising on administrative experience, Up to 2X improvement in time taken to commit the configuration , Quick search functionality, Increased Route-table capacity with up to 70K routes , Visibility and Monitoring at scale to manage the infrastructure
  • User and Branch Connectivity
    • GP Agent support for Explicit Proxy 
      •  We are introducing Proxy Mode in GlobalProtect Agent
      •  With this introduction, we can replace any Proxy solution with ease
      •  Use GlobalProtect in Proxy mode for Internet Security
      •  Always-on Internet Security even if users disable or disconnect GP
      • Easily Co-exist with 3rd party VPNs with no additional effort
      • Use GlobalProtect in Hybrid-mode to secure internet via Proxy & secure access to private apps via Tunnel
    • ZTNA Connector enables onboarding of private apps (including apps in overlapped networks) to Prisma Access  
      • ZTNA Connector - a VM that allows you to onboard private applications, including apps in overlapped networks, to Prisma Access with automated tunnel setup to the nearest Prisma Access compute location. Supports client initiated traffic for all ports and protocols.
  • Regulatory Compliance and Geographic Availability
    • Additional Prisma Access Locations Guatemala, Latvia, Ghana, Uganda, Senegal, Kazakhstan
    • New Prisma Access Compute regions in Poland, Salt Lake City
    • AWS Local Zone Support (regions): Chicago, Miami, Perth
    • Prisma Access China. Please refer to China Prisma Access solution loop page 
2 Comments
L0 Member

End-to-End IPv6 connectivity is covered by 4.0 ? I can't see the feature release on the release note.

Community Team Member

Hi @mtakeuchi 

 

Thanks for your message. This feature was pushed back to a future release.  Blog has been updated.

 

Kind regards,

-Kiwi.

  • 6932 Views
  • 2 comments
  • 0 Likes
Register or Sign-in
Labels
Top Liked Authors