This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Prisma Access Discussions
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture that will soon be managed via a new streamlined cloud management UI.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Prisma Access Discussions
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture that will soon be managed via a new streamlined cloud management UI.
About Prisma Access Discussions
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture that will soon be managed via a new streamlined cloud management UI.

Discussions

Start a conversation

Welcome to the Prisma Access Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2615 Views
  • 0 replies
  • 1 Likes

MasterDevice Configuration

Hello PaloAlto engineer Team, I'm trying to configure the MasterDevice. Setting the MasterDevice to CIE doesn't mean the MasterDevice settings will be applied to Prisma Access or all devices in the device group, right? I understand that the MasterDevice just lets me know which device group the username will appear in the security policy. h...

Portal Auth v Gateway Auth

Hello everyone, I have read countless Palo documents and forums but still a little unclear on the above. I'm hoping someone can clear this up for me. The environment I am referring to is Global Protect / Strata Cloud Manager. Under workflows/ prisma access setup / global protect - On that screen under the infrastructure tab we have "User Aut...

ExitCalm by L0 Member
  • 868 Views
  • 1 replies
  • 0 Likes

Microsoft Intune and Autopilot Hybrid AD Join via Prisma

We are having an interesting problem with current GlobalProtect PreLogon domain join.. We have a SCEP infra along with Prisma Global protect and pre-logon configured. We are able to complete a pre-logon and initiate a first login, which then takes us back to Autopilot screen a moment later. Problem is, when it goes back to Autopilot to complete...

Service Connection and Cisco ASA - problem with establish VPN and BGP

Hello Team! I writing this post because I can't find any configuration example which show how to configure S2S VPN between SC and Cisco ASA. I tried to do it by myself and it looks like working, but can't establish BGP peering. On ASA side, I configured route base VPN - using interface tunnel. First little wrinkle with that is ip address for int...

On-Boarding of Cisco SDWAN to Prisma

We are trying to on-board Cisco SDWAN Catalyst to Prisma. Created the necessary IKE/IPSEC configurations, etc, followed Integrate Prisma Access with Cisco Catalyst SD-WAN (Manual Integration) KB When we push to remote networks we receive a validation error [status]: commit failed [errors]: Validation error occurred in:Region: US East Validation ...

Resolved! I'd like to know about certificates for GlobalProtect user authentication.

Attention: JAPAC TPM teamHello Team, Is it possible to apply client certificates to only some user authentications using GlobalProtect depending on the OS type? My understanding is that if a certificate is specified in GlobalProtect's user authentication settings, it will also be set in other user authentication settings, so I don't think th...

y.saitou by L3 Networker
  • 3940 Views
  • 2 replies
  • 0 Likes

The user information linked in the CIE does not match the match criteria in the GP's application settings.

We would like to know the user information that corresponds to the GP sign-in account and tunnel settings and other matching conditions.We are currently verifying SAML login and SSO in our verification environment.In the GP application and tunnel settings, we have specified the user information obtained from the Entra ID as the matching conditio...

Resolved! Could you please tell me about the Embedded Browser Framework Upgrade, an enhancement of GlobalProtect version 6.3?

Attention: JAPAC TPM teamHello Team, I wanted to reduce the amount of user interaction with GlobalProtect's SAML authentication, so I did some research and found the following feature.https://svc-desc.paloaltonetworks.com/mobile-users/gp/gp-agent/#embedded-browser-framework-upgrade◇Embedded Browser Framework UpgradeAs part of pre-implementatio...

y.saitou by L3 Networker
  • 3569 Views
  • 2 replies
  • 0 Likes

Resolved! Please tell me about Client to Firewall and Firewall to Client in the Strata Cloud Manager Firewall/Decryption log.

Attention: JAPAC TPM teamHello Team, Please tell me about Client to Firewall and Firewall to Client in the StrataCloudManager Firewall/Decryption log. My understanding of Client to Firewall and Firewall to Client is as follows.-Client to Firewall: TLS handshake information sent by the client (Client Hello, etc.)-Firewall to Client: TLS informa...

y.saitou by L3 Networker
  • 1779 Views
  • 1 replies
  • 0 Likes

Could you please explain the security policy's "Internet Access Rule"?

Attention: JAPAC TPM teamHello Team, Could you please explain the security policy's "Internet Access Rule"? I have a question about the "File Control Profile" item under "Security Inspection" at the bottom of the settings screen. ▼Predefined- All file types- Best practices- Block file types What does each of these do? Also, there is a "Custo...

y.saitou by L3 Networker
  • 1504 Views
  • 2 replies
  • 0 Likes

Resolved! Regarding the selection of the MU-SPN connection destination

Attention: JAPAC TPM teamHello Team, When IP Optimization is disabled and there are multiple MU-SPNs in a single compute location,how is the MU-SPN to be connected to selected? I understand that it connects to the one that is physically close and has the fastest response,but is load balancing performed? If load balancing is performed, what m...

y.saitou by L3 Networker
  • 1707 Views
  • 2 replies
  • 0 Likes

Resolved! Please tell me about the DNS server address that is dynamically set when connecting to Global Protect.

Attention: JAPAC TPM teamHello Team, If you run ipconfig /all after connecting to GlobalProtect, the DNS server entry will show an IP address in the same segment as the device's IP address. -I understand that this DNS server is the IP address used as a proxy, but is that correct?Also, is it correct to understand that this DNS server's IP addre...

y.saitou by L3 Networker
  • 1954 Views
  • 2 replies
  • 0 Likes

GP agent as user to ip mapping method for Prisma remote network

Is it possible to use GP as user to ip mapping method for Prisma remote network? I cannot see GP portal/gateway configuration buttons (they are looks not active -greyed out) on Remote Network template (Prisma Access managed by Panorama) this settings is available for Mobile User template. Plan was to integrate internal GP gateway add to the Mobi...

bxbukows by L1 Bithead
  • 5096 Views
  • 11 replies
  • 0 Likes
  • 385 Posts
  • 78 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks