Configuration Management Overview for NGFW Support for Prisma Access Agent
Review the configuration management overview to understand the workflows for the
different management platforms.
| Where Can I Use This? | What Do I Need? |
|---|
- NGFW (Managed by Panorama)
|
- Check the prerequisites for the supported PAN-OS versions
- Prisma Access Agent license for NGFW deployments
|
NGFW support for Prisma Access Agent enables you to manage Prisma Access Agents alongside your existing NGFW infrastructure, enabling a
gradual adoption strategy for Prisma Access Agents.
The following table illustrates the day 0 workflow for the different management
platforms.
| Management | Day 0 Configuration Workflow |
|---|
| On Panorama or NGFW gateway |
- Import certificates for authentication override cookie
- Onboard internal and external gateways
|
|
Note the following for this workflow:
Manage the gateway configurations independently using your existing management
platform (Panorama or the native web interface)
Use the Prisma Access Agent management plane on Strata Cloud Manager to manage Prisma Access Agent configurations
There is no configuration sync between the gateway and the agent
management plane
When you add or delete a gateway and rotate the authentication override cookie
certificate, you will need to manually update the cert on both the gateway and
on the agent management plane
