Prisma Access Quickplays

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter
100% helpful (1/1)

Brief Description

A suite of deployment, configuration, and service information skillets for Prisma Access mobile users including:


  • Panorama instantiation in Azure or AWS
  • Panorama licensing, content updates, software updates, and basic configuration
  • Prisma Access service setup, mobile user, and remote network configuration/onboarding
  • Prisma Access API queries to view service information


Target Audience

This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using Prisma Access and looking for simplified Panorama deployment and configuration.


Solution Details


Github Location:

Github Branches: master

Panorama Versions Supported: 9.0.x running cloud services plugin version 1.5 (9.1 not currently supported)

Type of Skillet: panorama, python, terraform, docker


  • Prisma Access Deploy Panorama
  • Prisma Access Configure Service Setup
  • Prisma Access Configure Mobile Users
  • Prisma Access Configure Remote Networks
  • Prisma Access Assess Tools


Full Description

The description below gives an overview of the skillet elements. For detailed information regarding prerequisites and skillet usage please review the Prisma Access Skillet documentation.


Playing the skillets currently requires panHandler.



The first step in the skillet will access the user's Azure or AWS account and deploy a virtual instance of Panorama using Terraform templates. This is a simplified alternative to using the Azure Resource Manager UI or AWS UI for Panorama deployment.


After Panorama is online and the IP address is accessible, the Step 2 skillet will:

  • apply the serial number and license Panorama
  • perform a software update
  • install content updates
  • install the Prisma Access cloud services plugin


For users that are not using the Step 1 deploy skillets and deploy their own Panorama, the Step 3 skillet can also be used to help automate the steps listed above to ensure Panorama deployment is complete.


The last deploy piece is to use the Customer Support Portal to generate a One Time Password that is used in Panorama to verify the cloud service.




Service Setup Collection

Initial configuration of the infrastructure subnet and BGP AS


Mobile User Collection


After verification is complete, Panorama is ready for configuration. For mobile users, this requires the initial service setup and the mobile user configuration.


There are 2 configuration options depending on access to the Panorama API: API and non-API.


API Option

This series of skillets leverage the Panorama API generate a configuration file, import to Panorama, and use 'load config partial' commands to merge the configuration elements into the candidate configuration.


Non-API Option

For remote support or users without access to the Panorama API, this option will generate a full configuration file that can be manually imported to Panorama. Once imported the documentation includes a small set of load config partial commands that can be pasted into the CLI to do the configuration.


Remote Network Collection

Initial Remote Network setup and onboarding configuration using the Panorama API. Includes IKE/IPSEC Crypto profiles, IKE gateway, IPSEC tunnel, and plug-in onboarding configuration.



The assess skillet provides a simple interface to query Prisma Access and obtain service information. Details for the REST queries can be found in the Admin Guide



Rate this article:
  • 112 Subscriptions
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎10-25-2021 05:39 PM
Updated by: