Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-05-2023 12:23 PM
Hello,
I connect from home via Prisma to on-prem. I have a few domain controllers setup for pre-logon etc.
- what if my domain controllers were all offline or the firewall was offline
- can i have a domain controller in Azure
I have setup a site to site VPN from Azure to my firewall and can copy data across but dont know yet how to get my Prisma IP range to talk to it.
Should i be concerned about tromboning (latency) if i did get the Prisma clients talking to Azure
or should i be looking at something that allows Prisma to talk direct to Azure
any links to documents are welcome
thanks
02-08-2023 04:21 AM
I assume you're talking about prims access?
Are you currently using LDAP for authentication? If the SC connection is broken, or the ADs were to crash you will no longer be able to logon.
You could consider switching to SAML which should be a little more resilient to failure (and as additional redundancy you could consider setting up a secondary portal, new feature in plugin 3.2.1, to still have LDAP available in case the SAML IdP were to die).
You can set up an SC to your azure environment but ADS doesn't work with LDAP authentication so you'd need to switch to SAML anyway
02-08-2023 04:21 AM
I assume you're talking about prims access?
Are you currently using LDAP for authentication? If the SC connection is broken, or the ADs were to crash you will no longer be able to logon.
You could consider switching to SAML which should be a little more resilient to failure (and as additional redundancy you could consider setting up a secondary portal, new feature in plugin 3.2.1, to still have LDAP available in case the SAML IdP were to die).
You can set up an SC to your azure environment but ADS doesn't work with LDAP authentication so you'd need to switch to SAML anyway
02-09-2023 01:50 PM
yes - i am using Prisma access via Global Protect to connect from home for remote access. I am using LDAP. I have created a domain controller in the cloud and the Azure connection where it is hosted in the cloud has a site to site with my work Palo Alto fw. Is their a way i can connect from prisma direct to the Azure cloud connection without tromboning into my network. ie is their some sort of prisma express route into azure
05-09-2023 12:29 AM - edited 05-09-2023 12:31 AM
Also except SAML with the cloud identity engine SCIM is also an option and for on-prem AD the CIE has an agent:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
