Access Your Data Center Using Explicit Proxy (Strata Cloud Manager)

1. Configure a service connection, Colo-Connect or ZTNA Connector in Prisma Access based on your requirement.
2. Configure DNS settings.
3. Ensure that the DESTINATION Zones for internet-bound traffic is set to untrust instead of any.

   Failure to perform this step could result in unintended access to your data center.

   1. Go to ConfigurationNGFW and Prisma Access, set the Configuration Scope to Prisma AccessMobile Users ContainerExplicit Proxy, then select Security PolicySecurity Services.
   2. Open a rule for internet-bound traffic.
   3. Ensure Zones under DESTINATION is set to untrust.

   4. Repeat for all of your internet-bound traffic rules.
4. Enable private application access.

   • Enable private application access using Prisma Access Browser.
     1. Select ConfigurationPrisma Access SetupConfiguration ScopePrisma AccessExplicit Proxy Infrastructure Settings
        and Enable Prisma Access Browser. Under Proxy URL Settings, select Enable Private App Access for Explicit Proxy.

   • Enable private application access using a regular browser.
     1. Select ConfigurationNGFW and Prisma AccessConfiguration ScopeExplicit ProxyExplicit Proxy Infrastructure Settings
        Enable Agent ProxyEnable Private App Access for Explicit Proxy.

5. Create security policy rules for the data center resources you want to access.

   1. Go to ConfigurationNGFW and Prisma Access, set the Configuration Scope to Prisma AccessMobile Users ContainerExplicit Proxy, then select Security PolicySecurity Services.
   2. Create security policy rules.

   In rules for data center access, ensure Zones under DESTINATION is set to trust.

6. If you enable Private Application Access under Explicit Proxy, Push Config to save your configuration changes after onboarding the ZTNA Connector.