Prisma Access Agent Administration
  • Prisma Access Agent Administration
  • Prisma Access Agent Documentation
  • All Documentation
>
Configuration Management Overview for NGFW Support for Prisma Access Agent
Focus
Download PDF
Focus
  1. Home
  2. Prisma Access Agent
  3. License and Activation
  4. NGFW Support for Prisma Access Agent
  5. Configuration Management Overview for NGFW Support for Prisma Access Agent
Download PDF
Prisma Access Agent

Configuration Management Overview for NGFW Support for Prisma Access Agent

Table of Contents
Review the configuration management overview to understand the workflows for the different management platforms.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama)
  • PAN-OS version 11.2.x
  • Prisma Access Agent version 25.1.0.14
  • Prisma Access Agent license for NGFW deployments
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
NGFW support for Prisma Access Agent enables you to manage Prisma Access Agents alongside your existing NGFW infrastructure, enabling a gradual adoption strategy for Prisma Access Agents.
The following table illustrates the day 0 workflow for the different management platforms.
ManagementDay 0 Configuration Workflow
On Panorama or NGFW gateway
  1. Import certificates for authentication override cookie
  2. Onboard internal and external gateways
On Strata Cloud Manager
  1. Register the
  2. Define internal and external gateways
  3. Import certificates
  4. Set Up Cloud Identity Engine for Prisma Access Agent User Authentication
  5. Create simplified forwarding profiles
  6. Create agent settings
  7. Define upgrade rings for staged rollout upgrades
  8. Provide the anti-tamper unlock password
  9. Select the authentication override cookie
Note the following for this workflow:
  • Manage the gateway configurations independently using your existing management platform (Panorama, Strata Cloud Manager, or the native web interface)
  • Use the Prisma Access Agent management plane on Strata Cloud Manager to manage Prisma Access Agent configurations
  • There is no configuration sync between the gateway and the agent management plane
  • When you add or delete a gateway and rotate the authentication override cookie certificate, you will need to manually update the cert on both the gateway and on the agent management plane

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.