NGFW Support for Prisma Access Agent enables gradual adoption and management of Prisma Access Agents for NGFW deployments, enhancing secure access capabilities.
Where Can I Use This?
NGFW (Managed by Panorama)
What Do I Need?
Check the prerequisites for the supported PAN-OS versions
Prisma Access Agent license for NGFW deployments
NGFW support for Prisma Access Agent offers a way for you to adopt and use Prisma Access Agents in your existing NGFW infrastructure. This feature enhances secure access management while maintaining compatibility with existing authentication methods and NGFW setups, offering a smooth transition path to advanced Prisma Access Agent capabilities.
As an administrator, you will work with several key components to implement and manage this feature. The primary management platforms involved are Panorama and Strata Cloud Manager. While you can use Panorama to independently manage gateway configurations, Strata Cloud Manager serves as the central hub for managing Prisma Access Agent-specific settings, including user authentication, agent configurations, and infrastructure details. Prisma Access Agent integrates with existing authentication infrastructures. It supports various authentication methods, including Active Directory (AD), client certificate, and Cloud Identity Engine, ensuring compatibility with your current setup.
Coexistence Considerations with GlobalProtect
NGFW for Prisma Access Agent supports coexistence with GlobalProtect in the same deployment, enabling a gradual migration strategy. You can maintain your existing NGFW setup while introducing Prisma Access Agent capabilities to your environment. However, having both agents active on the same endpoint is not a supported use case.
The Prisma Access Agent license entitles you to use the GlobalProtect app and Prisma Access Agent, and replaces the former GlobalProtect Gateway License.
Prisma Access Agent NGFW Support Requirements
Prisma Access Agent for NGFW deployment requires the following components:
Prisma Access Agent licenses for NGFW deployments
Prisma Access Agent Manager, sometimes called endpoint manager (EPM), a cloud service for centralized agent lifecycle management and visibility
Strata Cloud Manager for managing agent configurations
Cloud Identity Engine (CIE) for user and user group mapping during authentication
(Optional) Strata Logging Service (SLS) for log forwarding
Understanding the interaction between NGFW gateways and Prisma Access Agent is essential. The following figure illustrates how the key components work together.