Cloud Management
Prisma Access

Define tunnel settings for the GlobalProtect app.
  1. Click Manage > Service Setup > Mobile Users > GlobalProtect Setup > GlobalProtect App > Add Tunnel Settings.
    If you are using Strata Cloud Manager, click Workflow > Prisma Access Setup > Mobile User > GlobalProtect Setup > GlobalProtect App > Add Tunnel Settings.
  2. Enter a name and the Match Criteria to specify the users, devices, or systems that should receive the settings. For example, you could specify that a tunnel settings rule applies to all instances of the GlobalProtect app in a certain region.
  3. Enable Authentication Override for Prisma Access to generate and accept secure, encrypted cookies for user authentication. This setting allows the user to provide login credentials only once during the specified period of time.
    • Generate cookie for authentication override: Enables Prisma Access to generate encrypted, endpoint-specific cookies and issue authentication cookies to the endpoint.
    • Accept cookie for authentication override: Enables Prisma Access to authenticate users with a valid, encrypted cookie. When the app presents a valid cookie, Prisma Access verifies that the cookie was originally encrypted by Prisma Access, decrypts the cookie, and then authenticates the user.
      The GlobalProtect app must know the username of the connecting user to match and retrieve the associated authentication cookies from the user’s endpoint. After the app retrieves the cookies, it sends them to Prisma Access for user authentication.
  4. Enable Split Tunneling to define what traffic the GlobalProtect app allows or restricts through the VPN tunnel to Prisma Access. Split Tunneling conserves bandwidth by excluding from Prisma Access traffic that is not business critical or does not enable productivity.
    • Local Network Access: Give Windows and Mac users access to local resources, without requiring them to first connect to Prisma Access.
    • Exclude Traffic: Specify traffic to exclude from Prisma Access policy inspection and enforcement based on application, domain, and route (like an IP address).
    • Customize Include Traffic: By default, the GlobalProtect app routes all traffic to Prisma Access except what's in the exclude list. Specify traffic that the GlobalProtect app should always route to Prisma Access, even when it meets exclude list criteria.
  5. Exclude Video Stream Traffic to avoid sending video streaming traffic from the listed applications to Prisma Access. By excluding lower risk video streaming traffic (such as YouTube and Netflix) from the VPN tunnel, you can decrease bandwidth consumption. The video streaming exclusions are applied to all traffic the GlobalProtect app sends to Prisma Access, not just traffic that meets the match criteria you've defined for this rule.
  6. Save the settings. Repeat the above steps to add more tunnel settings.
  7. (Optional) Use Move to set the order of priority in which the VPN tunnel settings are used while connecting to Prisma Access.

