If you have a Prisma Access (Managed by Strata Cloud Manager) deployment, Strata Cloud
Manager lets you configure quarantine list redistribution. If you have a Prisma Access
(Managed by Panorama) deployment, each Prisma Access mobile user location sends and
receives its quarantine information between the Panorama that manages Prisma Access and
its nearest service connection. If you have next-generation firewalls or gateways, you
should have the service connection redistribute the quarantine list information to and
from Panorama and the on-premises firewalls or gateways. You should also redistribute the
quarantine list information from Panorama to the service connection to ensure consistent
policy enforcement for all mobile user locations (gateways) in Prisma Access.
Note that Prisma Access supports a unidirectional flow for User-ID redistribution;
bidirectional User-ID redistribution isn't supported. In addition, when an Internal
Gateway is part of the User-ID redistribution flow, remote networks perform native
redistribution by default to a preselected service connection. If you edit and configure
User-ID redistribution:
- Make sure that you do not introduce any bidirectional loops. For example, if you
have an existing setup to redistribute User-ID information from service
connections to remote networks, change the default Prisma Access
redistribution setup so that it does not redistribute that information from remote
networks to service connections.
- Do not configure on-premises firewalls (either internal or external) to use a
bidirectional flow. For example, configure User-ID redistribution either from
Prisma Access to on-premises next-generation firewalls (either to mobile
users or remote networks) or from on-premises firewalls to Prisma Access.
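
One way to check a planned redistribution design for the loops described above, as an added example (not Palo Alto Networks code). It models each redistribution flow as a (source, destination) pair and reports every loop, including longer ones that pass through more than two nodes; all node names and flows below are constructed placeholders.

```python
from collections import defaultdict


def find_redistribution_loops(flows):
    """Return every loop in a set of (source, destination) redistribution flows.

    Each loop is a list of node names starting at its alphabetically smallest
    node. A two-node loop [a, b] means a -> b and b -> a (a bidirectional flow).
    """
    graph = defaultdict(set)
    for src, dst in flows:
        graph[src].add(dst)

    loops = set()

    def walk(start, node, path):
        for nxt in sorted(graph.get(node, ())):
            if nxt == start:
                loops.add(tuple(path))  # closed a loop back to the start
            elif nxt > start and nxt not in path:
                # Only visit nodes that sort after the start, so each loop
                # is reported once, from its smallest node.
                walk(start, nxt, path + [nxt])

    for start in sorted(graph):
        walk(start, start, [start])
    return [list(loop) for loop in sorted(loops)]


# Constructed topology: names are placeholders, not real Prisma Access objects.
DEFAULT_FLOWS = [
    ("remote-network-1", "service-connection-1"),  # default native redistribution
    ("onprem-ngfw-1", "service-connection-1"),     # on-premises firewall to Prisma Access
]
# Constructed change: also redistribute from the service connection to the remote network.
PLANNED_CHANGE = [("service-connection-1", "remote-network-1")]

if __name__ == "__main__":
    for loop in find_redistribution_loops(DEFAULT_FLOWS + PLANNED_CHANGE):
        print("loop:", " -> ".join(loop + loop[:1]))
```

Running the check against the design before committing it shows which default flow has to be removed so that the result stays unidirectional.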