Prisma Access
Create a Snippet
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Create a Snippet
Create a snippet to group configurations of the Prisma Access Agent that you
can quickly push to your deployments.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
You can create a snippet to group the configurations of Prisma Access Agents that you can quickly push to your deployments.
Snippets are used to standardize a common base configuration for a set of
project-based deployments, allowing you to quickly onboard new devices with a known
good configuration and reducing the time required to onboard a new device.
After you create the snippet, you will associate the snippet to a scope, assign a
user to the scope, and grant the user the Project Admin role. The user can then log
in as the Project Admin and use the snippet to manage the project settings for the
Prisma Access Agent. The Project Admin can only change the Prisma Access Agent settings for the snippets that they are assigned to.
To create a snippet, complete the following steps:
- Log in to Strata Cloud Manager as the Superuser.Select ManageConfigurationNGFW and Prisma Access.Select Overview and expand the Configuration Scope to view the Snippets.Add Snippet and enter the following details:
- Enter a Name for the snippet.(Optional) Enter a Description for the snippet.(Optional) Assign one or more Labels.You can select an existing label or create a new label by typing the label you wanted to create.To ensure that object names are unique across a snippet, Add prefix to object names is enabled by default.Choose whether to Auto generate a random prefix or select Manual and add your own Prefix Value. The prefix value can be alphanumeric and have a maximum of six characters.The prefix will have the format xxxxxx-. When you add an object, Strata Cloud Manager will prepopulate the object name with the prefix.Create the snippet.After you create the snippet, you're in the Configuration Scope for the snippet. All configurations you create while in the snippet scope occurs only for the snippet.Associate the snippet to the Access Agent folder.
- In the Overview page of your snippet, select the Snippet Associations settings.Select Access Agent from the Config trees.Click the X to close the Snippet Associations window.Access Agent appears in the list of Snippet Associations.If you have not done so already, create an identity for the user who will be managing projects and assign the Project Admin Push role to the user.
- From Strata Cloud Manager, select SettingsIdentity & Access.Select Add Identity.Enter the Identity Address for the user who will be the project administrator and click Next.Select Add AccessPrisma Access & NGFW Configuration and select the Project Admin Push role for the user.Click Submit.Create a management scope for the snippet and assign a user to that scope.
- Select ManageAccess ControlScope Management.Create New Scope.Enter a Name for the scope and view the Snippets.Associate the snippet to the scope. Select the snippet that you created and Add it.In the Scope Objects, Assign Users to the scope that you created for your snippet.Assign a user to the scope by selecting a user from the list and giving the user the Project Admin role.Close the window.Push the configuration.
- Select ManageOperationsPush Config.
- Select the All Admins admin scope and select Push ConfigPush.
After the push config operation is completed, the snippet is created and the roles are associated with the snippet.The assigned user (project admin) can now log in to Strata Cloud Manager and configure project-specific using the snippet that you created. The user can view other scopes that they are not assigned to, but they cannot interact with them, such as changing any configurations.