>
    Changes to Default Behavior for Prisma Access 5.1
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Release Information
    4. Changes to Default Behavior for Prisma Access 5.1
    Download PDF
    Prisma Access

    Changes to Default Behavior for Prisma Access 5.1

    Table of Contents

    Changes to Default Behavior for
    Prisma Access
     5.1

    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Minimum Required Prisma Access Version
       5.1 Preferred or Innovation
    The following table details the changes in default behavior for the Cloud Services plugin version 5.1 and 5.1.1.
    Component
    Change
    Set GlobalProtect App Version in
    Prisma Access
     Global Settings
    Starting with
    Prisma Access
     5.1.1, you must set the GlobalProtect App version in Prisma Access. If you do not set the GlobalProtect version, you will be prompted to upgrade the GlobalProtect version every time a new version is released.
    To set the GlobalProtect version:
    • Prisma Access (Managed by Strata Cloud Manager)
       Deployments
      : From
      Strata Cloud Manager
      , go to
      Workflows
      Prisma Access
       Setup
      GlobalProtect
      GlobalProtect App
      , click the gear to edit the
      GlobalProtect App Settings
      , and select the
      GlobalProtect App Version
      .
    • Prisma Access (Managed by Panorama)
       Deployments
      : From Panorama, go to
      Panorama
      Cloud Services
      Configuration
      Service Setup
      GlobalProtect App Activation
       and make sure that you have selected an
      Active GlobalProtect App version
       and, if you haven't,
      Activate new GlobalProtect app version
      .
    Remapped Prisma Access Locations
    To better optimize the performance of
    Prisma Access
    , the following locations have been remapped to the following compute locations:
    • The
      South Africa Central
       location is remapped to the South Africa Central compute location.
    • The
      Canada West
       location is remapped to the Calgary West (Calgary) compute location.
    New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.
    Upgrade Considerations for the PAN-OS 11.2
    If you choose to have Palo Alto Networks upgrade your dataplane to PAN-OS 11.2, make sure that you're aware of the following changes and upgrade considerations before you schedule the upgrade:
    FQDNs Substituted for Service IP Addresses for Service Connections and Remote Network Connections
     (
    Panorama Managed Deployments Only
    )
    For new
    Prisma Access (Managed by Panorama)
     deployments, when you onboard a new service connection or remote network connection, Prisma Access provides you with an
    FQDN
     instead of a
    Service IP Address
     as the peer IP address. If you need to use an IP address for the other side of the service connection or remote network connection instead of the FQDN, you can find the Service IP Address under
    Panorama
    Cloud Services
    Configuration
    Service Setup
    Service Operations
    Serviceability Commands
    Service IP Address
    .
    Troubleshooting Commands Renamed to Serviceability Commands
     (
    Panorama Managed Deployments Only
    )
    The
    Troubleshooting Commands
     area in Panorama Managed Prisma Access (
    Panorama
    Cloud Services
    Configuration
    Service Setup
    Service Operations
    Troubleshooting Commands
    ) has been renamed to
    Serviceability Commands
     (
    Panorama
    Cloud Services
    Configuration
    Service Setup
    Service Operations
    Serviceability Commands
    ).
    swg-known-auth-bypass User in Explicit Proxy Deployments
    For the domains bypassed for authentication in Explicit Proxy, users will be tracked as
    swg-known-auth-bypass
     instead of
    unknown user
    , which was used previously. Ensure that security policy rules for those authentication bypassed domains allow
    swg-known-auth-bypass
    or
    pre-defined "Known-Users".

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.