Features Introduced in Prisma Access 2.0 Innovation

Autonomous Digital Experience Management (DEM) is now available for mobile users who use the GlobalProtect app!

You can use Autonomous Digital Experience Management (Autonomous DEM) to get visibility into user experience, application and network performance. With Autonomous DEM, you gain segment-wise insights across the entire service delivery path, with real and synthetic traffic analysis that enables the ability to drive autonomous remediation of digital experience problems when they arise. Get Started Now.

Autonomous DEM requires an add-on license, and requires The GlobalProtect app version 5.2.6 or later.

New Cloud Services 2.0 Innovation customers are running a dataplane version of PAN-OS 10.0.3 and are able to take advantage of PAN-OS 10.0 features up to PAN-OS 10.0.3, including the following features:

GlobalProtect version 5.2.5 is required to use GlobalProtect App Log Collection for Troubleshooting.

You can use Prisma Access to implement IoT security. IoT Security applies machine learning and AI to discover and identify connected devices and then presents them in a dynamically generated inventory.

Prisma Access supports the use of the Panorama plugin for DLP 1.0.3 to implement Enterprise Data Loss Prevention (DLP) with Prisma Access.

If you have an existing deployment with Enterprise DLP on Prisma Access and want to upgrade to the Cloud Services plugin 2.0 Innovation version, Palo Alto Networks provides you with a migration process to transfer to using DLP with the DLP Panorama plugin.

If you have a Prisma Access for Users license, you can add compromised devices to a quarantine list and block users from logging in to the network from that device using GlobalProtect.

If you have a Prisma Access for Users license, you can quickly resolve mobile user connection, performance, and access issues by having GlobalProtect users generate and send an easy to read, comprehensive report from the end user’s endpoint to Strata Logging Service for further analysis.

This release adds a UI element to allow you to generate and store the certificate that is required for communication between the GlobalProtect app and Strata Logging Service, eliminating the CLI requirement.

You can configure an explicit proxy to secure mobile users with a proxy URL and a Proxy Auto-Configuration (PAC) file. If your organization’s existing network already uses explicit proxies and deploys PAC files on your client endpoints, you can smoothly migrate to Prisma Access to secure mobile users’ outbound internet traffic.

You can still secure mobile users with GlobalProtect. If you want to add an explicit proxy to an existing mobile users deployment, you can divide your mobile users license between the users you want to secure with GlobalProtect and the users you want to secure with an explicit proxy.

Explicit proxy uses your existing Mobile User license. Whether you have a new deployment or if you upgrade, you can divide your mobile user license between Mobile Users - GlobalProtect and Mobile Users - Explicit Proxy.

To allow you to integrate your organization’s cloud directory with Prisma Access, you can activate and use your Directory Sync instance with Azure Active Directory.

When you create rules for targets when you configure traffic steering for service connections, Prisma Access adds support for the following capabilities:

Prisma Access makes the following BGP community changes:

Prisma Access supports the following Strata Logging Service regions:

Prisma Access removes the requirements to have a symmetric network path for the traffic returning from the data center. Asymmetric flows are allowed through the Prisma Access backbone. This removal allows you to configure ECMP or any other load balancing mechanism for service connections from your CPE.

This capability is not enabled by default; to enable it, change the Backbone Routing options in your service setup settings.

Prisma Access offers the following enhancements when you specify DNS settings for mobile users and remote networks:

Prisma Access allows you to view pervasive artifacts on the AutoFocus Dashboard and view reports on the WildFire portal.

Prisma Access supports Transport Layer Security (TLS) 1.3 for mobile user (GlobalProtect) deployments and remote networks.

TLS 1.3 is not supported on Explicit Proxy deployments.

You can advertise summary routes from data centers and the remote networks chooses the closest service connection as the next hop.

Prisma Access has made improvements that enhance load balancing for multiple service connections that you have onboarded in different Prisma Access locations. For example, if you have two service connections onboarded in the US West location and two service connections onboarded in the US East location, Prisma Access load balances the traffic for summary prefixes at each data center to which the service connections are attached. This enhancement effectively increases the available bandwidth for a data center location that you have connected using multiple service connections at different Prisma Access locations.