- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Prisma Access helps you deliver consistent security to your remote networks and mobile users. All your users connect to Prisma Access to safely use the internet and cloud and data center applications. You get protection at scale with global coverage, so you don’t have to worry about things like sizing and deploying firewalls at your branches, or building out and managing appliances in colocation facilities.
Read on to learn about all the new features and behavior introduced with the release of Prisma Access 3.2.
Cloud Services Plugin 3.2: Prisma Access 3.2 uses a single plugin for both 3.2 Preferred or 3.2 Innovation, providing operational simplification with a unified plugin for both Preferred and Innovation releases. By default, the plugin will run 3.2 Preferred. To upgrade to 3.2 Innovation, reach out to your Palo Alto Networks account representative and submit a request.
SaaS Security Posture Management: The latest enhancements to Palo Alto Networks’ Next-Generation cloud access security broker (CASB) ensures that essential SaaS apps are hardened and protected from dangerous misconfigurations and other security hygiene issues that could put users and data at risk by delivering powerful SaaS security posture management (SSPM) capabilities to the industry’s most comprehensive and integrated SASE solution.
UBA Support: User Behavior Analytics (UBA) enables Prisma Access to detect and stop activity from compromised accounts and malicious insiders before the damage is done. The key functionalities are
Autonomous Digital Experience Management Self Serve: Autonomous digital experience management (Autonomous DEM) empowers end users to resolve application experience issues that fall into their purview without consulting IT. ADEM Self Serve reduces ticket load and improves the experience of end-users by helping them quickly resolve the following issues:
Prisma SASE Platform: SASE Portal will be a single location to access and manage Secure Access Service Edge (SASE) products and services for enterprises and service providers (SPs). The key capabilities are as follows:
Simplified Activation and Subscription Management: You can now use a completely new and revamped user-friendly workflow to activate and manage all your Prisma Access subscriptions in one place. With this update, Palo Alto Networks optimizes the activation flow, significantly reducing the activation time and providing contextual information that can reduce any human errors during the activation.
The updates include the following workflows:
This change allows you to allocate more bandwidth to remote networks. To make this increase effective, you must allocate a minimum of 1000 Mbps to the compute locations associated with the IPSec termination nodes.
Note: Cloud Managed Prisma Access deployments have this change applied automatically. If you have an existing Panorama Managed Prisma Access remote network deployment, you must perform a Commit and Push before installing the 3.2 plugin and perform a Push to Devices after installing the plugin to implement this change.
Simplified SASE Consumption Model with Prisma Access SD-WAN Add-On: Palo Alto Networks is introducing Prisma SD-WAN as a simple add-on solution to Prisma Access, allowing customers to get best-in-class security and SD-WAN in an effortless, consumable model. With the Prisma SD-WAN add-on to Prisma Access, you can get the most comprehensive SASE solution that enables aggregation of bandwidth across all branch locations, provides ease of activation via a single link for all SASE services—including SD-WAN—while gaining the flexibility to easily add additional services as needed from a unified management console.
New Prisma Access Locations: To better accommodate worldwide deployments and provide enhanced local coverage, adds the following new locations, which map to the following compute locations:
New and Renamed Prisma Access Compute Locations and Remapped Locations: To better optimize performance of Prisma Access, the following new compute locations are added and the following locations are remapped to the new compute locations:
In addition, the existing Asia Southeast compute location is renamed Asia Southeast (Singapore).
New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.
Simplify Private App Access Using ZTNA Connector: The Zero Trust Network Access (ZTNA) Connector dramatically simplifies private app access for all apps including modern, cloud-native, containerized, microservice, and legacy apps.
With the introduction of this feature, you can either use the ZTNA Connector or a service connection to enable access to private apps for your users. Both methods enforce all ZTNA 2.0 principles.
Advanced Threat Prevention Inline Cloud Analysis and Domain Fronting Detection: Advanced Threat Prevention blocks unknown and evasive command and control traffic inline in real-time with unique deep learning and machine learning models.
The following advanced threat prevention capabilities are added to Prisma Access:
Reserved IP Addresses for GlobalProtect and Explicit Proxy Deployments Becoming Active: If you have a Prisma Access Mobile Users: GlobalProtect or Mobile Users: Explicit Proxy deployment, the classification of the allocated gateway and portal IP addresses (for GlobalProtect deployments) and Authentication Cache Service (ACS) and Network Load Balancer (NLB) IP addresses (for Explicit Proxy deployments) is changing.
Currently, two IP addresses are allocated for each gateway and portal for Mobile Users—GlobalProtect deployments: one IP address that is active and one that is reserved for autoscale events or infrastructure or dataplane upgrades. In addition, one active and one reserved address are allocated for the ACS and NLB for Mobile Users—Explicit Proxy deployments.
Starting with Prisma Access 3.2, all Mobile Users: GlobalProtect gateway and portal and all Explicit Proxy ACS and NLB IP addresses are marked as active for the Prisma Access locations and there are no reserved addresses. The IP retrieval API will return all IP addresses as active.
In addition, the term Active will refer to IP addresses that have been allocated to the Prisma Access deployment.
This change ensures that you add all gateway, portal, and ACS IP addresses to your allow lists, which eliminates any issue when a reserved IP address is made active after an autoscaling event or an infrastructure or dataplane upgrade.
In the API script, the addrType of reserved is no longer applicable for Mobile Users: GlobalProtect deployments and will not return any portal or gateway IP addresses.
For more information, including any actions you need to take, read Prisma Access: Reserved IP Addresses for GlobalProtect and Explicit Proxy Deployments Becoming Activ... (be sure you're logged into your customer account to view).
Remapped Prisma Access Compute Locations: To better optimize performance of Prisma Access, Prisma Access has remapped the following locations:
In addition, the existing Asia Southeast compute location is renamed Asia Southeast(Singapore).
New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.
Steps Required to Increase Remote NetworkIPSec Termination Nodes from 500 Mbps to1000 Mbps: If you have an existing Prisma Access Remote Network deployment that allocates bandwidth by compute location (aggregate bandwidth deployment), complete the following steps to increase the bandwidth of your IPSec termination nodes from 500 Mbps to 1000Mbps:
In either case, make sure that you have selected Remote Networks in the Push Scope.
Note: Palo Alto Networks recommends that you do not make any changes to your secure inbound access deployment during the window between when the infrastructure upgrade occurs for Prisma Access 3.2 and the time when you install the Cloud Services plugin for 3.2, as unpredictable results might occur.
Please check Prisma Access 3.2 Release Preview for more details.
Ideally, LIVEcommunity's product pages (find 'em in our nav bar) will be your first and last stop on your journey to learn more about the Palo Alto Networks products you're using. From discussions and blogs to videos and additional resources, LIVEcommunity can help you get the most from your cybersecurity toolbox.
We encourage you to check out the Prisma Access resources on LIVEcommunity.
Feel free to share your questions, comments and ideas in the section below.
Thank you for taking time to read this blog.
Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.
Kiwi out!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
5 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
1 Like |