Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture that will soon be managed via a new, streamlined cloud management UI. Prisma Access blends enterprise grade security with a globally scalable network that is soon available in more than 100 locations. In addition, service provider partners will be able to rapidly enable secure outbound internet connectivity for their customers.
Prisma Access will support private app access over IPv6 for dual-stack mobile users and single and dual-stack endpoints at branch offices. The feature will help if you are moving to modern networks that leverage IPv6. Prisma Access will allow you to specify IPv6 addresses in components such as the infrastructure subnet, mobile user IP address pools, and BGP peers. Prisma Access will still use public IPv4 IP addresses for the Mobile Users (GlobalProtect) VPN tunnels and service connection and remote network connection IPSec tunnels.
Prisma Access will support Quality of Service (QoS) for remote networks thatallocate bandwidth by compute location. With this feature, if you have a per-site bandwidth model with a QoS configuration, you will be allowed to migrate to the per-compute location bandwidth allocation for Remote Networks. If you are already using the bandwidth allocation per compute location model, you will be able to add QoS profiles to prioritize traffic per site. SeeChanges to Default Behaviorfor more details.
If your deployment currently allocates remote network bandwidth by location and you want to migrate to allocating bandwidth by compute location, you can implement QoS after you migrate
If your deployment currently allocates remote network bandwidth by location and has configured QoS for remote networks, the migration to aggregate bandwidth will not be permitted.
Prisma Access supports the use of the WildFire Germany Cloud (de.wildfire.paloaltonetworks.com), allowing you to utilize the WildFire cloud-based threat analysis and prevention engine, while ensuring that files submitted for analysis stay in the country to address data location concerns.
Note that certain metadata connected to submitted samples, as described in theWildFire Privacy Datasheet, are shared with our other regional clouds. While submissions stay within German borders, German customers still benefit from the global security intelligence and updates based on the network effect of Palo Alto Networks 42,000+ WildFire customers. Sensitive data and submissions are restricted from leaving Germany when using the WildFire cloud threat analysis service. Samples submitted to the WildFire Germany cloud and the resulting malware analysis, signature generation and delivery occur and remain within German borders.
The following locations will use WildFire Germany Cloud:
Andorra, Austria, Bulgaria, Croatia, Czech Republic, Egypt, Germany Central, Germany North, Germany South, Greece, Hungary, Israel, Italy, Jordan, Kenya, Kuwait, Liechtenstein, Luxembourg, Moldova, Monaco, Nigeria, Poland, Portugal, Romania, Saudi Arabia, Slovakia, Slovenia, South Africa Central, Spain Central, Spain East, Turkey, Ukraine, United Arab Emirates, Uzbekistan
Use the following guidelines when implementing Enterprise DLP with Prisma Access in a multi-tenant deployment:
If you have an existing DLP deployment and are running a Prisma Access Preferred release, you will need to upgrade from Enterprise DLP on Prisma Access to the DLP plugin after you upgrade to Prisma Access 2.2 Preferred. See the Changes to Default Behavior for details.
If you are upgrading from an Innovation release to 2.2 Preferred, you are already using the Enterprise DLP plugin and no upgrade is required.`
You manage DLPdata patternsanddata filtering profilesat the superuser-level admin user, and all tenants share the same patterns and profiles.However, you can implementsecurity policiesat a per-tenant level and associate different data filtering profiles per tenant, to allow you per-tenant control over what profiles are used.
The superuser-level admin user must commit all changes to Panorama whenever you change any DLP profiles or patterns.
To provide better worldwide coverage, Prisma Access will add support for the IoT Security region in the EU. The IoT Security EU region (Germany—Europe) maps to the following Cortex Data Lake locations:
If you have set up tunnel monitoring with static routes, you can configure Prisma Access to withdraw the static routes that are installed on service connections and remote network connections when the IPSec tunnel goes down.
You cannot apply this change if tunnel monitoring is not enabled.
This feature will be automatically enabled for Cloud Managed Prisma Access deployments after the 2.2 Preferred upgrade.