Prisma Access
Changes to Default Behavior for Prisma Access 5.1
Table of Contents
Changes to Default Behavior for Prisma Access 5.1
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following table details the changes in default behavior for the Cloud Services plugin
version 5.1 and 5.1.1.
| Component | Change |
|---|---|
| Set GlobalProtect App Version in Prisma Access Global Settings | Starting with Prisma Access 5.1.1, you must set the
GlobalProtect App version in Prisma Access. If you do not set the
GlobalProtect version, you will be prompted to upgrade the GlobalProtect
version every time a new version is released. To set the
GlobalProtect version:
|
| Remapped Prisma Access Locations | To better optimize the performance of Prisma Access, the
following locations have been remapped to the following compute
locations:
New deployments have the new remapping applied automatically. If
you have an existing Prisma Access deployment that uses one of these
locations and you want to take advantage of the remapped compute
location, follow the procedure to add a new compute location to a
deployed Prisma Access location. |
| Upgrade Considerations for the PAN-OS 11.2 | If you choose to have Palo Alto Networks upgrade your dataplane to
PAN-OS 11.2, make sure that you're aware of the following changes and
upgrade considerations before you schedule the upgrade:
|
| FQDNs Substituted for Service IP Addresses for Service Connections and Remote Network Connections (Panorama Managed Deployments Only) | For new Prisma Access (Managed by Panorama) deployments, when you onboard a new service connection or remote network connection, Prisma Access provides you with an FQDN instead of a Service IP Address as the peer IP address. If you need to use an IP address for the other side of the service connection or remote network connection instead of the FQDN, you can find the Service IP Address under . |
| Troubleshooting Commands Renamed to Serviceability Commands (Panorama Managed Deployments Only) | The Troubleshooting Commands area in Panorama Managed Prisma Access () has been renamed to Serviceability Commands (). |
| swg-known-auth-bypass User in Explicit Proxy Deployments | For the domains bypassed for authentication in Explicit Proxy, users will be tracked as swg-known-auth-bypass instead of unknown user, which was used previously. Ensure that security policy rules for those authentication bypassed domains allow swg-known-auth-bypass or pre-defined "Known-Users". |
| IP Address Consolidation for Deployments that Have Migrated to IP Optimization |
If you have an existing Prisma Access that has had one or more
regions migrated to IP Optimization and are
using Prisma Access Allow
listing, some IP addresses that you have allow listed
have moved from the Allocated Egress IP
addresses area to the Allocated Ingress
IP addresses area in the Prisma Access UI.
This change is a result of IP address consolidation as a part of the
Prisma Access 5.2.1 infrastructure upgrade. Your networks can still
reach these IP addresses and you no longer have to allow list them.
|
