Use the recommended best practices when implementing a Prisma Access Explicit Proxy
deployment.
Where Can I Use This?
    Prisma Access (Managed by Strata Cloud Manager)
    Prisma Access (Managed by Panorama)
What Do I Need?
    Prisma Access license
Use the recommended Best Practices when implementing your Explicit Proxy deployment for
optimal performance and an ideal user experience:
General Explicit Proxy Deployment Best Practices:
Deploy Explicit Proxy in at least two regions for redundancy.
If all your users are behind a NAT device and Explicit Proxy sees the IP
address of the NAT device as the source IP address, allocate one
NAT IP address per 500 mobile users.
PAC File Best Practices: When setting up the PAC file,
bypass all SAML, CIE, and Authentication Cache Service (ACS) URLs.
SAML Authentication Best Practices: Set the SAML Authentication
Cookie Lifetime to 24 hours to have the best user experience without
authentication interruptions.
—To restrict access to Explicit Proxy to
specific source IP addresses, use special objects, which
include Address Objects, Address Groups, and External Dynamic Lists (EDLs).
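
The PAC file bypass described under PAC File Best Practices, as an added example that is not taken from the Prisma Access documentation. Every host name and the proxy address are constructed placeholders, and the matching is written in plain JavaScript (an assumption made here, instead of the browser's PAC helper functions) so that a bypass entry matches whole DNS labels only and look-alike hosts stay on the proxy.

```javascript
// Added example PAC file. All host names and the proxy address below are
// constructed placeholders; replace them with your deployment's values.
var PROXY = "PROXY proxy.example.com:8080";   // placeholder Explicit Proxy address

// Hosts returned as DIRECT, following the practice of bypassing all SAML,
// CIE and ACS URLs. An entry starting with "." matches that domain and
// every subdomain; any other entry matches that exact host only.
var AUTH_BYPASS = [
  "idp.example.com",        // placeholder: SAML identity provider
  ".cie.example.net",       // placeholder: Cloud Identity Engine (CIE) hosts
  "acs.example.net"         // placeholder: Authentication Cache Service (ACS)
];

// Normalise a host: lower-case it and drop a trailing root dot.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

// Match on whole DNS labels, so "notidp.example.com" does not inherit the
// bypass that "idp.example.com" gets.
function isAuthBypass(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < AUTH_BYPASS.length; i++) {
    var entry = AUTH_BYPASS[i];
    if (entry.charAt(0) === ".") {
      var bare = entry.slice(1);
      if (h === bare || h.slice(-entry.length) === entry) return true;
    } else if (h === entry) {
      return true;
    }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isAuthBypass(host)) return "DIRECT";
  return PROXY;   // everything that is not an authentication host uses the proxy
}
```

Keeping the bypass list to exact hosts and explicit domain suffixes limits how much traffic skips the proxy; a loose substring match would also send look-alike host names direct.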