Prisma Access Agent Administration
  • Prisma Access Agent Administration
  • Prisma Access Agent Documentation
  • All Documentation
>
Configure Gateways for the Prisma Access Agent (NGFW Deployment)
Focus
Download PDF
Focus
  1. Home
  2. Prisma Access Agent
  3. Configure the Prisma Access Agent
  4. Set Up the Prisma Access Agent
  5. Configure Gateways for the Prisma Access Agent
  6. Configure Gateways for the Prisma Access Agent (NGFW Deployment)
Download PDF
Prisma Access Agent

Configure Gateways for the Prisma Access Agent (NGFW Deployment)

Table of Contents
Configure gateways to provide security enforcement for traffic from Prisma Access Agents in NGFW deployments.
You can add external and external gateways for Prisma Access Agent by selecting the external and internal gateways that you configured in the Infrastructure tab.
The following procedure applies to NGFW (Managed by Panorama) deployments.
  1. Navigate to the Prisma Access Agent setup.
    1. Log in to Strata Cloud Manager as the administrator.
    2. Select WorkflowsPrisma Access AgentSetup.
    3. Select Prisma Access Agent.
  2. Select an existing agent configuration or Add Agent Settings to create a new configuration.
  3. If you need to create or update an app configuration rule, follow the instructions in Configure Agent Settings for the Prisma Access Agent (NGFW Deployment). Otherwise, go to the next step.
  4. Add an external gateway.
    1. Select a gateway. The gateways on the list are the same gateways that you added in the Infrastructure settings.
      You can’t enter the FQDN or IPv4 settings here, since the gateway is managed on the Infrastructure tab.
    2. (Optional) Click the + sign to add one or more Source Regions for the gateway, or select Any to make the gateway available to all regions. When users connect, the Prisma Access Agent recognizes the region, and only allows users to connect to gateways that are configured for that region. For gateway selection, the source region is considered first, then gateway priority.
    3. (Optional) Set the Priority of the gateway by clicking the field and selecting one of the following values:
      • If you have only one external gateway, leave the value as Highest (the default).
      • If you have multiple external gateways, you can modify the priority values (ranging from Highest to Lowest) to indicate a preference for the specific user group to which this configuration applies. For example, if you prefer that the user group connects to a local gateway, you would set the priority higher than that of more geographically distant gateways. The priority value is then used to weight the agent’s gateway selection algorithm.
      • If you don't want apps to automatically establish connections with the gateway, select Manual only. This setting is useful in testing environments.
    4. (Optional) Select Manual to identify the external gateway as a manual gateway.
      A manual external gateway resides outside of the corporate network and provides security enforcement, tunnel access, or both for your remote users. The difference between the autodiscovery external gateway and the manual external gateway is that the Prisma Access Agent only connects to a manual external gateway when the user initiates a connection. You can also configure different authentication requirements for manual external gateways.
    5. Add the gateway settings.
  5. Add an internal gateway. Follow the steps for adding an external gateway. The steps are similar.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.