- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture that will soon be managed via a new, streamlined cloud management UI. Prisma Access blends enterprise-grade security with a globally scalable network that is soon available in more than 100 locations. In addition, service provider partners will be able to rapidly enable secure outbound internet connectivity for their customers.
The following table describes the new features that will be available with Prisma Access 3.0 Preferred.
FEATURE | DESCRIPTION |
Qos Support for Remote Networks |
Prisma Access will support Quality of Service (QoS)for remote networks that allocate bandwidth by compute location. If you are using the bandwidth allocation per compute location model, you will be able to add QoS profiles to prioritize traffic per site.
If you have a deployment that allocates bandwidth by location and uses QoS, do not migrate to a deployment that allocates bandwidth by compute location; migrations with QoS are not supported. |
IP Allow Listing of Prisma Access Public IP Addresses from the Prisma Access UI
|
You will be able to indicate whether or not you use Prisma Access public IP addresses for IP allow listing. You will be able to retrieve the Prisma Access public IP addresses from Panorama (for Panorama Managed Prisma Access deployment) or the Cloud Managed Prisma Access UI (for Cloud Managed Prisma Access deployments) for allow listing purposes. After you make a note of the IP addresses, you add them to your organization's allow lists, then return to Panorama or the Prisma Access UI and mark them as added. You can also note any IP addresses that have not been added to your organization’s allow lists. In this way,Prisma Access uses only the IP addresses you have added to your allow lists in case of an autoscale eventor infrastructure upgrade. |
Google IdP Support for Cloud Identity Engine | To simplify the retrieval of user and group information for deployments that use Google Identity for cloud identity services, Prisma Access will support Google Identity integration with the Cloud Identity Engine. |
Mobile User Regional Redundancy
|
To ensure that your mobile users always have access to the services and applications that are accessible from service connections, you will be able to enable network redundancy during mobile user setup. This feature provides redundant network paths between the mobile user dataplane and service connections that may be in different compute locations.
Enabling redundancy provides you with more resilient access to resources behind service connections in a data center or headquarters location. Because a service connection is required for mobile users to access resources from remote networks, you also have more resiliency in accessing resources in remote network locations.
For either a Cloud Managed or PanoramaManaged Prisma Access deployment, the following prerequisites are required before this feature is enabled:
For Cloud Managed deployments, select Manage > Service Setup > Service Connections > Advanced Settings and make sure that the Backbone Routing option is set to Allow asymmetric routing and load sharing across Service Connections. Prisma Access enables this feature without further configuration.
For Panorama Managed deployments, select Panorama > Cloud Services > Configuration > Service Setup, click the gear to edit the Settings, and, in the Advanced tab, make sure that the Backbone Routing option is set to asymmetric-routing-with-load-share.
|
Prisma SD-WAN CloudBlade Thin Client Integration with Cloud Services Plugin
|
For Prisma SD-WAN integrations with Prisma Access, the Cloud Services plugin will include a built-in CloudBlade thin client that eliminates the requirement to have a Docker container host or Kubernetes environment to host a separate CloudBlade. This integration enables easier onboarding of Prisma SD-WAN devices using remote network connections. |
Maximum Size Increase for External Dynamic Lists |
To allow you to use existing firewall security policy rules and related objects with Prisma Access toimplement a consistent security posture across your network, Prisma Access will increase the maximum size for External Dynamic Lists (EDLs) to the following maximums:
Note: To activate this feature on your service tenant, reach out to your Palo Alto Networks account representative and submit a request. |
FedRAMP Moderate Support |
Panorama Managed Prisma Access has been authorized for FedRAMP Moderate support. Make a note of the following requirements and guidelines to follow when enabling, configuring, and using Prisma Access in a FedRAMP Moderate environment:
|
Protect from Web-Based Threats with RBI Using Proofpoint
|
To support a larger range of use cases and prevent malware, phishing, crypto mining, and other threats, Prisma Access will add Proofpoint as a technology partner to implement Remote Browser Isolation (RBI) using URL response page redirect to the RBI cloud. The RBI integration helps with isolating all active, untrusted web content from endpoints that your
users use to access business-critical internet services and internal networks, and ensure that the corporate network remains safe.
|
WildFire India Cloud Support |
To allow you to adhere to data sovereignty and residency laws as well as established data protection and privacy regulations, Prisma Access supports the use of the WildFire India Cloud (in.wildfire.paloaltonetworks.com). The following locations map to the WildFire India Cloud:
|
WildFire API Support | You will be able to extend the malware detection capabilities of WildFire using the WildFire API. You can use the WildFire API to query WildFire for verdicts, samples, and reports, and to automate the submission of files and links to WildFire for analysis. |
Explicit Proxy Enhancements |
Prisma Access provides the following enhancements for Explicit Proxy:
|
New Prisma Access Compute Locations |
To optimize performance, improve latency, and adhere to data sovereignty rules, Prisma Access adds the following compute locations, and the following locations map to these compute locations:
If you add the locations after you install the Cloud Services 3.0 plugin, Prisma Access associates the new compute locations automatically.
Note: For Explicit Proxy, these new compute locations are supported for new deployments only.
If you are upgrading from an existing Prisma Access deployment and you have already onboarded these locations, complete the following steps to take advantage of the new compute location:
Since you need to allow time to delete and add the existing location and change your allow lists, Palo Alto Networks recommends that you schedule a compute location change during a maintenance window or during off-peak hours. |
EDL Custom Category End Token Support |
If you use URLs in custom URL categories or external dynamic lists (EDLs) and do not append an ending token such as . / ? & = ; +, it is possible to allow more URLs than you intended. For example, entering example.com as a matchingURL instead of example.com/ would also match example.com.website.info or example.com.br.
Prisma Access will allow you to set an ending token to URLs in EDLs or custom URL categories so that, if you enter example.com, Prisma Access treats it as it would treat example.com/ and only matches that URL. |
Version 3.0 Innovation includes all the all the features in 3.0 Preferred and adds the following features.
Support for PAN-OS 10.1 |
Cloud Services 3.0 Innovation uses a dataplane version of PAN-OS 10.1 and you are able to take advantage of PAN-OS 10.1 features up to PAN-OS10.1, including the following features:
|
Explicit Proxy Enhancements |
In addition to the Explicit Proxy enhancements described for 3.0 Preferred, Prisma Access offers the following additional enhancements for 3.0 Innovation:
Command and Control Domains and Malware Domains are currently supported DNS security signature categories. |
SaaS Security Inline Enforcement | In addition to the SaaS Visibility feature that was introduced with Prisma Access 2.2 Preferred, you will be able to import SaaS policy recommendations from SaaS Security Inline to gain control of the applications in the policy recommendation. |
Commit Error Reporting Improvements |
When you receive configuration-related errors during commits, Prisma Access has replaced generic <meta charset="utf-8" />messages you previously received with messages that more clearly communicate the cause of the misconfiguration. For example, authentication objects without authentication profiles receive a message indicating the object with the missing profile instead of a generic message indicating an issue with the commit.
Other message improvements include:
|
For more information about Prisma Access, please visit the LIVEcommunity Prisma Access Technologies page for a complete Customer Journey Guide, events, webinars, videos, and discussions dedicated to Prisma Access.
Feel free to share your questions, comments and ideas in the section below!
Thank you for taking time to read this blog.
Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.
Kiwi out!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
2 Likes | |
1 Like | |
1 Like | |
1 Like | |
1 Like |