Prisma Access
Cloud Management
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Cloud Management
Cloud Management
Define tunnel settings for GlobalProtect app.
- Click.Manage > Service Setup > Mobile Users > GlobalProtect Setup > GlobalProtect App > Add Tunnel SettingsIf you are using Strata Cloud Manager, click.Workflow >Prisma AccessSetup > Mobile User > GlobalProtect Setup > GlobalProtect App > Add Tunnel Settings
- Enter a name and theMatch Criteriato specify the users, devices, or systems that should receive the settings. For example, you could specify that a tunnel settings rule applies to all instances of the GlobalProtect app in a certain region.
- EnableAuthentication OverrideforPrisma Accessto generate and accept secure, encrypted cookies for user authentication. This setting allows the user to provide login credentials only once during the specified period of time.
- Generate cookie for authentication override—Enables the Prisma Access to generate encrypted, endpoint-specific cookies and issue authentication cookies to the endpoint.
- Accept cookie for authentication override—EnablesPrisma Accessto authenticate users with a valid, encrypted cookie. When the app presents a valid cookie,Prisma Accessverifies that the cookie was encrypted byPrisma Accessoriginally, decrypts the cookie, and then authenticates the user.The GlobalProtect app must know the username of the connecting user to match and retrieve the associated authentication cookies from the user’s endpoint. After the app retrieves the cookies, it sends them toPrisma Accessfor user authentication.
- EnableSplit Tunnelingto define what traffic the GlobalProtect app allows or restricts through the VPN tunnel toPrisma Access. Split Tunneling conserves bandwidth by excluding trafficPrisma Accessthat is not business critical or does not enable productivity.
- Local Network Access—Give Windows and Mac users access to local resources, without requiring them to first connect to Prisma Access.Exclude Traffic—Specify traffic to exclude fromPrisma Accesspolicy inspection and enforcement based on application, domain, and route (like an IP address).Customize Include Traffic—By default, the GlobalProtect app routes all traffic toPrisma Accessexcept what's in the exclude list. Specify traffic that the GlobalProtect app should always route toPrisma Access, even when it meets exclude list criteria.
- Exclude Video Stream Trafficto not send video streaming traffic from the listed applications toPrisma Access. By excluding lower risk video streaming traffic (such as YouTube and Netflix) from the VPN tunnel, you can decrease bandwidth consumption. The video streaming exclusions are applied to all traffic the GlobalProtect app sends toPrisma Access, not just the match criteria you've defined for this rule.
- Save the settings. Repeat the above steps to add more tunnel settings.
- (Optional)Moveto set the order of priority in which the VPN tunnel setting is used while connecting toPrisma Access.