Features Introduced in Prisma Access 2.2 Preferred

Prisma Access will support private app access over IPv6 for dual-stack mobile users and single and dual-stack endpoints at branch offices. The feature will help if you are moving to modern networks that leverage IPv6. Prisma Access will allow you to specify IPv6 addresses in components such as the infrastructure subnet, mobile user IP address pools, and BGP peers. Prisma Access will still use public IPv4 IP addresses for the Mobile Users (GlobalProtect) VPN tunnels and service connection and remote network connection IPSec tunnels.

Prisma Access supports the use of the WildFire Germany Cloud (de.wildfire.paloaltonetworks.com), allowing you to utilize the WildFire cloud-based threat analysis and prevention engine, while ensuring that files submitted for analysis stay in the country to address data location concerns.

Note that certain metadata connected to submitted samples, as described in the WildFire Privacy Datasheet, are shared with our other regional clouds. While submissions stay within German borders, German customers still benefit from the global security intelligence and updates based on the network effect of Palo Alto Networks 42,000+ WildFire customers. Sensitive data and submissions are restricted from leaving Germany when using the WildFire cloud threat analysis service. Samples submitted to the WildFire Germany cloud and the resulting malware analysis, signature generation and delivery occur and remain within German borders.

The following locations will use WildFire Germany Cloud:

Andorra, Austria, Bulgaria, Croatia, Czech Republic, Egypt, Germany Central, Germany North, Germany South, Greece, Hungary, Israel, Italy, Jordan, Kenya, Kuwait, Liechtenstein, Luxembourg, Moldova, Monaco, Nigeria, Poland, Portugal, Romania, Saudi Arabia, Slovakia, Slovenia, South Africa Central, Spain Central, Spain East, Turkey, Ukraine, United Arab Emirates, Uzbekistan

Prisma Access supports the use of SaaS Security Inline to automatically discover and analyze users’ SaaS activity and data usage for Sanctioned and Unsanctioned applications. Having full visibility into the SaaS applications usage, you can reduce the security risks to your organization, like data leakage, malware entry points, and non-compliance.

SaaS Security Inline is a security service that also offers advanced risk scoring, analytics, and reporting.

To allow Prisma Access Clientless VPN users to access Gzip-compressed websites, Prisma Access adds support for Gzip encoding to Clientless VPN deployments.

To enhance the application experience with multi-tenant deployments, Prisma Access now provides flexibility to distribute and enforce ADEM Mobile User license at each tenant. For details, see the technical documentation for Autonomous DEM.

Prisma Access will allow you to use the same DLP capabilities as that used in single-tenant deployments and on next-generation firewalls by adding Enterprise DLP plugin support to multi-tenant deployments.

Use the following guidelines when implementing Enterprise DLP with Prisma Access in a multi-tenant deployment:

To provide better worldwide coverage, Prisma Access will add support for the IoT Security region in the EU. The IoT Security EU region (Germany—Europe) maps to the following Strata Logging Service locations:

If you have set up tunnel monitoring with static routes, you can configure Prisma Access to withdraw the static routes that are installed on service connections and remote network connections when the IPSec tunnel goes down.

You cannot apply this change if tunnel monitoring is not enabled.

This feature will be automatically enabled for Cloud Managed Prisma Access deployments after the 2.2 Preferred upgrade.

Prisma Access offers the following enhancements for Prisma Access for Mobile Users: