Panorama managed Prisma access

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Panorama managed Prisma access

L1 Bithead

Hi Team , 

 Is it mandatory to have Panorama in HA mode in Panorama managed Prisma access deployment mode?

what are the disadvantages if we go with standalone Panorama. 

 

Thanks 

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Thank you for reply @DeepakVerma

 

If Panorama goes down it will not impact any VPN connectivity / traffic going through Prisma. Panorama is only for management plane. If you are worried about deploying a new Panorama, then I would recommend Cloud Managed Prisma Access instead: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-release-notes/rel... Using Panorama to manage Prisma Access makes more sense if you already have one in your environment or if you want to have a unified management of existing Firewalls + Prisma Access.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Thank you for the post @DeepakVerma

 

it is not mandatory to have Panorama HA to manage Prisma Access, but it is recommended to have an HA pair. In the case of Panorama Hardware failure or while performing PAN-OS upgrade, you will not loose connectivity to Prisma. Other than this, I can't think of any disadvantage to use a standalone Panorama. Below is a link for documentation:

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/license-prisma-a...

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

@PavelK Thanks for confirmation. 
Suppose we have vpn access (user connected to Corp network) managed using Panorama managed Prisma setup and if standalone Panorama goes down  , this will impact VPN connectivity as well right ? or may be i am wrong here .

Cyber Elite
Cyber Elite

Thank you for reply @DeepakVerma

 

If Panorama goes down it will not impact any VPN connectivity / traffic going through Prisma. Panorama is only for management plane. If you are worried about deploying a new Panorama, then I would recommend Cloud Managed Prisma Access instead: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-release-notes/rel... Using Panorama to manage Prisma Access makes more sense if you already have one in your environment or if you want to have a unified management of existing Firewalls + Prisma Access.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L1 Bithead

@PavelK Thanks for your reply  🙏 ...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!