Prisma Access Discussions

Welcome to the Prisma Access Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! I'd like to know about certificates for GlobalProtect user authentication.

Attention: JAPAC TPM team
Hello Team,

Is it possible to apply client certificates to only some user authentications using GlobalProtect depending on the OS type?

My understanding is that if a certificate is specified in GlobalProtect's user authen

...

The user information linked in the CIE does not match the match criteria in the GP's application settings.

We would like to know the user information that corresponds to the GP sign-in account and tunnel settings and other matching conditions.

We are currently verifying SAML login and SSO in our verification environment.
In the GP application and tunnel set

...

Resolved! ZTNA Connector prisma access

Hi,

In 1 arm deployment of ztna connector (ztna connector and on prem apps in same subnet), how can traffic from on prem apps can return to ztna connector? Does ztna connector perform SNAT?

Export Configuration from Cloud Managed Prisma Access

I would like to export the configuration from my cloud managed Prisma Access instance -- preferably in JSON format. Is this possible? If not, I would like to make it a feature request.

Thanks

-tom

Resolved! Could you please tell me about the Embedded Browser Framework Upgrade, an enhancement of GlobalProtect version 6.3?

Attention: JAPAC TPM team
Hello Team,

I wanted to reduce the amount of user interaction with GlobalProtect's SAML authentication, so I did some research and found the following feature.
https://svc-desc.paloaltonetworks.com/mobile-users/gp/gp-agent/#

...

Resolved! Please tell me about Client to Firewall and Firewall to Client in the Strata Cloud Manager Firewall/Decryption log.

Attention: JAPAC TPM team
Hello Team,

Please tell me about Client to Firewall and Firewall to Client in the StrataCloudManager Firewall/Decryption log.

My understanding of Client to Firewall and Firewall to Client is as follows.
-Client to Firewall:

...

Could you please explain the security policy's "Internet Access Rule"?

Attention: JAPAC TPM team
Hello Team,

Could you please explain the security policy's "Internet Access Rule"?

I have a question about the "File Control Profile" item under "Security Inspection" at the bottom of the settings screen.

▼Predefined
- All f

...

Resolved! Regarding the selection of the MU-SPN connection destination

Attention: JAPAC TPM team
Hello Team,

When IP Optimization is disabled and there are multiple MU-SPNs in a single compute location,
how is the MU-SPN to be connected to selected?

I understand that it connects to the one that is physically close and

...

Resolved! Please tell me about the DNS server address that is dynamically set when connecting to Global Protect.

Attention: JAPAC TPM team
Hello Team,

If you run ipconfig /all after connecting to GlobalProtect, the DNS server entry will show an IP address in the same segment as the device's IP address.

-I understand that this DNS server is the IP address used

...

GP agent as user to ip mapping method for Prisma remote network

Is it possible to use GP as user to ip mapping method for Prisma remote network?

I cannot see GP portal/gateway configuration buttons (they are looks not active -greyed out) on Remote Network template (Prisma Access managed by Panorama) this settings

...

Time Zone Issues with Prisma Global Protect

Been having issues with users computers changing timezones when connected to prisma access, I am not sure why this is happening. I assume its connecting to different gateways because "best available" is used. Any ideas where to look to see whats goin

...

Service Connection Redundancy

Hi Team,

I know that we can Redudanant the Service Connection witht 2 ISP with 2 Tunnels

but i want some information we know we have 2 tunnel so if our one tunnel is down another will up

but but what about Service Connection itself e.g i have

...

BGP

i am activated BGP in service connection, but why in BGP status is Not Enabled, while in Monitor > Data Center BGP Status is UP.?

Resolved! About MU-SPN behavior when IP Optimization function is enabled

For RN and SC, the IP address assigned from the service infrastructure IP is set as the loopback address, but
when IP Optimization is enabled, will the MU-SPN have an IP address assigned from the service infrastructure IP?
If so, is there a way to chec

...

Multiple IdPs for GP Authentication

Hi Team,

Today, I received a new use case from my customer.

In their Prisma Access cloud-managed environment, we have configured SAML authentication for SSL VPN connectivity.

Now, the customer has a new requirement: one of their clients needs access

...

Discussions

Welcome to the Prisma Access Discussions!

Rules and Best Practices

Resolved! I'd like to know about certificates for GlobalProtect user authentication.

The user information linked in the CIE does not match the match criteria in the GP's application settings.

Resolved! ZTNA Connector prisma access

Export Configuration from Cloud Managed Prisma Access

Resolved! Could you please tell me about the Embedded Browser Framework Upgrade, an enhancement of GlobalProtect version 6.3?

Resolved! Please tell me about Client to Firewall and Firewall to Client in the Strata Cloud Manager Firewall/Decryption log.

Could you please explain the security policy's "Internet Access Rule"?

Resolved! Regarding the selection of the MU-SPN connection destination

Resolved! Please tell me about the DNS server address that is dynamically set when connecting to Global Protect.

GP agent as user to ip mapping method for Prisma remote network

Time Zone Issues with Prisma Global Protect

Service Connection Redundancy

BGP

Resolved! About MU-SPN behavior when IP Optimization function is enabled

Multiple IdPs for GP Authentication

Service Connection for Prisma Access Browser- How to ?

ZTNA Connector prisma access

I'd like to know about certificates for GlobalProtect user authentication.

Please tell me about Client to Firewall and Firewall to Client in the Strata Cloud Manager Firewall/Decryption log.

Could you please tell me about the Embedded Browser Framework Upgrade, an enhancement of GlobalProtect version 6.3?

Re: Service Connection for Prisma Access Browser- How to ?

Re: Prisma Access Mobile Users - User-id data redistribution to on-prem NGFWs

Unlock your full community experience!

Rules and Best Practices

Resolved! I'd like to know about certificates for GlobalProtect user authentication.

Resolved! ZTNA Connector prisma access

Resolved! Could you please tell me about the Embedded Browser Framework Upgrade, an enhancement of GlobalProtect version 6.3?

Resolved! Please tell me about Client to Firewall and Firewall to Client in the Strata Cloud Manager Firewall/Decryption log.

Resolved! Regarding the selection of the MU-SPN connection destination

Resolved! Please tell me about the DNS server address that is dynamically set when connecting to Global Protect.

Resolved! About MU-SPN behavior when IP Optimization function is enabled