Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Prisma direct access to Azure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Prisma direct access to Azure

L1 Bithead

Hello,

I connect from home via Prisma to on-prem.  I have a few domain controllers setup for pre-logon etc.

- what if my domain controllers were all offline or the firewall was offline

- can i have a domain controller in Azure 

I have setup a site to site VPN from Azure to my firewall and can copy data across but dont know yet how to get my Prisma IP range to talk to it.

 

Should i be concerned about tromboning (latency) if i did get the Prisma clients talking to Azure

or should i be looking at something that allows Prisma to talk direct to Azure 

 

any links to documents are welcome 

 

 

thanks 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

I assume you're talking about prims access?

Are you currently using LDAP for authentication? If the SC connection is broken, or the ADs were to crash you will no longer be able to logon.

You could consider switching to SAML which should be a little more resilient to failure (and as additional redundancy you could consider setting up a secondary portal, new feature in plugin 3.2.1, to still have LDAP available in case the SAML IdP were to die). 

 

You can set up an SC to your azure environment but ADS doesn't work with LDAP authentication so you'd need to switch to SAML anyway

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

I assume you're talking about prims access?

Are you currently using LDAP for authentication? If the SC connection is broken, or the ADs were to crash you will no longer be able to logon.

You could consider switching to SAML which should be a little more resilient to failure (and as additional redundancy you could consider setting up a secondary portal, new feature in plugin 3.2.1, to still have LDAP available in case the SAML IdP were to die). 

 

You can set up an SC to your azure environment but ADS doesn't work with LDAP authentication so you'd need to switch to SAML anyway

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

yes - i am using Prisma access via Global Protect to connect from home for remote access.  I am using LDAP.  I have created a domain controller in the cloud and the Azure connection where it is hosted in the cloud has a site to site with my work Palo Alto fw.  Is their a way i can connect from prisma direct to the Azure cloud connection without tromboning into my network. ie is their some sort of prisma express route into azure 

  • 1 accepted solution
  • 1964 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!