Features in Prisma Access 3.1 Preferred and Innovation
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
3.2 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
- Features in Prisma Access 3.2 and 3.2.1
- Changes to Default Behavior
- Upgrade the Cloud Services Plugin
- Prisma Access Known Issues
- Prisma Access Addressed Issues
- Release Updates for Reports
-
- Features in Prisma Access 3.1 Preferred and Innovation
- Features in Prisma Access 3.0 Preferred and Innovation
- Features Introduced in Prisma Access 2.2 Preferred
- Features Introduced in Prisma Access 2.1 Innovation
- Features Introduced in Prisma Access 2.1 Preferred
- Features Introduced in Prisma Access 2.0 Innovation
- Features Introduced in Prisma Access 2.0 Preferred
- Features Introduced in Prisma Access 1.8
- Features Introduced in Prisma Access 1.7
- Features Introduced in Prisma Access 1.6.1
- Features Introduced in Prisma Access 1.6.0
- Features Introduced in Prisma Access 1.5.1
- Features Introduced in Prisma Access 1.5.0
- Features Introduced in Prisma Access 1.4.0
- Features Introduced in Prisma Access 1.3.1
- Features Introduced in Prisma Access 1.3.0
- Features Introduced in Prisma Access 1.2.0
- Features Introduced in Prisma Access 1.1.0
- Getting Help
-
-
-
-
- Allocate Licenses for Prisma Access (Managed by Strata Cloud Manager)
- Plan Service Connections for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Add Additional Locations for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Enable Available Add-ons for Prisma Access (Managed by Strata Cloud Manager)
- Search for Subscription Details
- Share a License for Prisma Access (Managed by Strata Cloud Manager) and Add-ons
- Increase Subscription Allocation Quantity
-
- Activate a License for Prisma Access (Managed by Strata Cloud Manager) and Prisma SD-WAN Bundle
- Activate and Edit a License for SASE 5G Through Common Services
-
- Prisma Access Onboarding Workflow
-
4.0 & Later
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
-
- Set Up Prisma Access
- Configure the Prisma Access Service Infrastructure
- Remote Networks: IPSec Termination Nodes and Service IP Addresses
- Remote Networks: IP Address Changes Related To Bandwidth Allocation
- Remote Networks: Service IP Address and Egress IP Address Allocation
- API Examples for Retrieving Prisma Access IP Addresses
- Get Notifications When Prisma Access IP Addresses Change
- Prisma Access Zones
- DNS for Prisma Access
- High Availability for Prisma Access
-
- Enable ZTNA Connector
- Delete Connector IP Blocks
- Set Up Auto Discovery of Applications Using Cloud Identity Engine
- Private AWS Application Target Discovery
- Security Policy for Apps Enabled with ZTNA Connector
- Monitor ZTNA Connector
- View ZTNA Connector Logs
- Preserve User-ID Mapping for ZTNA Connector Connections with Source NAT
-
- Enable Dynamic Privilege Access for Prisma Access Through Common Services
- Authorize User Group Mapping in Cloud Identity Engine for Dynamic Privilege Access
- Enable the Access Agent
- Set Up the Agent Infrastructure for Dynamic Privilege Access
- Create a Snippet
- Create a Project
- Traffic Steering for Dynamic Privilege Access
- Push the Prisma Access Agent Configuration
- Download the Dynamic Privilege Access Enabled Prisma Access Agent Package
-
- Install the Prisma Access Agent
- Log in to the Dynamic Privilege Access Enabled Prisma Access Agent
- Change Preferences for the Dynamic Privilege Access Enabled Prisma Access Agent
- Connect the Dynamic Privilege Access Enabled Prisma Access Agent to a Different Location
- Switch to a Different Project
- Connect the Dynamic Privilege Access Enabled Prisma Access Agent to a Different Server
- Disable the Dynamic Privilege Access Enabled Prisma Access Agent
- Switch Between the Prisma Access Agent and GlobalProtect App
- View and Monitor Dynamic Privilege Access Users
- View and Monitor Dynamic Privilege Access Projects
- Automatic Tunnel Restoration in Dynamic Privilege Access Prisma Access Agents
- Manage Prisma SASE 5G
- App Acceleration in Prisma Access
-
-
- Planning Checklist for GlobalProtect on Prisma Access
- Set Up GlobalProtect Mobile Users
- GlobalProtect — Customize Tunnel Settings
- GlobalProtect — Customize App Settings
- Ticket Request to Disable GlobalProtect
- GlobalProtect Pre-Logon
- GlobalProtect — Clientless VPN
- Monitor GlobalProtect Mobile Users
- How the GlobalProtect App Selects Prisma Access Locations for Mobile Users
- Allow Listing GlobalProtect Mobile Users
-
- Explicit Proxy Configuration Guidelines
- GlobalProtect in Proxy Mode
- GlobalProtect in Tunnel and Proxy Mode
- Private IP Address Visibility and Enforcement for Agent Based Proxy Traffic
- SAML Authentication for Explicit Proxy
- Set Up Explicit Proxy
- Cloud Identity Engine Authentication for Explicit Proxy Deployments
- Proxy Mode on Remote Networks
- How Explicit Proxy Identifies Users
- Explicit Proxy Forwarding Profiles
- PAC File Guidelines
- Explicit Proxy Best Practices
- Monitor and Troubleshoot Explicit Proxy
- Block Settings for Explicit Proxy
- Use Special Objects to Restrict Explicit Proxy Internet Traffic to Specific IP Addresses
- Access Your Data Center Using Explicit Proxy
- App-Based Office 365 Integration with Explicit Proxy
- Chromebook with Prisma Access Explicit Proxy
- Configure Proxy Chaining with Blue Coat Proxy
- IP Address Optimization for Explicit Proxy Users- Proxy Deployments
- DNS Resolution for Mobile Users—Explicit Proxy Deployments
- View User to IP Address or User Groups Mappings
- Report Mobile User Site Access Issues
- Enable Mobile Users to Access Corporate Resources
-
-
- Planning Checklist for Remote Networks
- Allocate Remote Network Bandwidth
- Onboard a Remote Network
- Connect a Remote Network Site to Prisma Access
- Enable Routing for Your Remote Network
- Onboard Multiple Remote Networks
- Configure Remote Network and Service Connection Connected with a WAN Link
- Remote Networks—High Performance
- Integrate a Shared Desktop VDI with Prisma Access Using Terminal Server
-
- Multitenancy Configuration Overview
- Plan Your Multitenant Deployment
- Create an All-New Multitenant Deployment
- Enable Multitenancy and Migrate the First Tenant
- Add Tenants to Prisma Access
- Delete a Tenant
- Create a Tenant-Level Administrative User
- Sort Logs by Device Group ID in a Multitenant Deployment
-
- Add a New Compute Location for a Deployed Prisma Access Location
- How BGP Advertises Mobile User IP Address Pools for Service Connections and Remote Network Connections
- Proxy Support for Prisma Access and Strata Logging Service
- Block Incoming Connections from Specific Countries
- Prisma Access for No Default Route Networks
-
-
- Default Routes With Prisma Access Traffic Steering
- Traffic Steering in Prisma Access
- Traffic Steering Requirements
- Default Routes with Traffic Steering Example
- Default Routes with Traffic Steering Direct to Internet Example
- Default Routes with Traffic Steering and Dedicated Service Connection Example
- Prisma Access Traffic Steering Rule Guidelines
- Configure Zone Mapping and Security Policies for Traffic Steering Dedicated Connections
- Configure Traffic Steering in Prisma Access
- Preserve User-ID and Device-ID Mapping for Service Connections with Source NAT
-
- Prisma Access Internal Gateway
-
- Configure Privileged Remote Access Settings
- Set Up the Privileged Remote Access Portal
- Configure Applications for Privileged Remote Access
- Set Up Privileged Remote Access Profiles
- Define Permissions for Accessing Privileged Remote Access Apps
- Configure Split Tunneling for Privileged Remote Access Traffic
- Manage Privileged Remote Access Connections
- Use Privileged Remote Access
-
- Integrate Prisma Access With Other Palo Alto Networks Apps
- Integrate Third-Party Enterprise Browser with Explicit Proxy
- Integrate Third-Party NDRs with Prisma Access
- Juniper Mist Integration for SASE Health
-
-
- Connect your Mobile Users in Mainland China to Prisma Access Overview
- Configure Prisma Access for Mobile Users in China
- Configure Real-Name Registration and Create the VPCs in Alibaba Cloud
- Attach the CEN and Specify the Bandwidth
- Create Linux Instances in the Alibaba Cloud VPCs
- Configure the Router Instances
- Onboard the GlobalProtect Gateway and Configure the Prisma Access Portal
-
-
-
- INC_CIE_AGENT_DISCONNECT
- INC_CIE_DIRECTORY_DISCONNECT
- INC_GLOBALPROTECT_GW_USER_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_GLOBALPROTECT_GW_USER_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_GLOBALPROTECT_PORTAL_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_MU_AUTH_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_MU_AUTH_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_MU_DNS_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_MU_DNS_SERVER_UNREACHABLE_ PER_PA_LOCATION
- INC_PORTAL_CLIENTLESS_VPN_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_ALL_PA_LOCATIONS
- INC_PORTAL_CLIENTLESS_VPN_AUTH_ TIMEOUT_FAILURES_COUNT_EXCEEDED_ ABOVE_BASELINE_PER_PA_LOCATION
- INC_RN_AUTH_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_RN_AUTH_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_RN_DNS_SERVER_UNREACHABLE_ALL_ PA_LOCATIONS
- INC_RN_DNS_SERVER_UNREACHABLE_PER_ PA_LOCATION
- INC_RN_ECMP_TUNNEL_RTT_EXCEEDED_ BASELINE
- INC_RN_PRIMARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_RN_SECONDARY_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_RN_SITE_CAPACITY_PREDICTION
- INC_SC_PRIMARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_SC_SECONDARY_WAN_TUNNEL_RTT_ EXCEEDED_BASELINE
- INC_SC_SITE_CAPACITY_PREDICTION
-
- INC_CERTIFICATE_EXPIRY
- INC_GP_CLIENT_VERSION_UNSUPPORTED
- INC_MU_IP_POOL_BLOCK_UTILIZATION_ EXCEEDED_CAPACITY
- INC_MU_IP_POOL_BLOCK_UTILIZATION_ EXCEEDED_THRESHOLD
- INC_PA_INFRA_DEGRADATION
- INC_PA_SERVICE_DEGRADATION_PA_LOCATION
- INC_PA_SERVICE_DEGRADATION_RN_ SITE_CONNECTIVITY
- INC_PA_SERVICE_DEGRADATION_SC_ CONNECTIVITY
- INC_RN_ECMP_BGP_DOWN
- INC_RN_ECMP_BGP_FLAP
- INC_RN_ECMP_PROXY_TUNNEL_DOWN
- INC_RN_ECMP_PROXY_TUNNEL_FLAP
- INC_RN_ECMP_TUNNEL_DOWN
- INC_RN_ECMP_TUNNEL_FLAP
- INC_RN_PRIMARY_WAN_BGP_FLAP
- INC_RN_PRIMARY_WAN_PROXY_TUNNEL_DOWN
- INC_RN_PRIMARY_WAN_PROXY_TUNNEL_FLAP
- INC_RN_PRIMARY_WAN_TUNNEL_DOWN
- INC_RN_PRIMARY_WAN_TUNNEL_FLAP
- INC_RN_SECONDARY_WAN_BGP_DOWN
- INC_RN_SECONDARY_WAN_BGP_FLAP
- INC_RN_SECONDARY_WAN_PROXY_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_PROXY_TUNNEL_FLAP
- INC_RN_SECONDARY_WAN_TUNNEL_DOWN
- INC_RN_SECONDARY_WAN_TUNNEL_FLAP
- INC_RN_SITE_DOWN
- INC_RN_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- INC_RN_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_RN_SPN_LONG_DURATION_CAPACITY_EXCEEDED _THRESHOLD
- INC_RN_SPN_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_SC_PRIMARY_WAN_BGP_DOWN
- INC_SC_PRIMARY_WAN_BGP_FLAP
- INC_SC_PRIMARY_WAN_PROXY_TUNNEL_DOWN
- INC_SC_PRIMARY_WAN_PROXY_TUNNEL_FLAP
- INC_SC_PRIMARY_WAN_TUNNEL_DOWN
- INC_SC_PRIMARY_WAN_TUNNEL_FLAP
- INC_SC_SECONDARY_WAN_BGP_DOWN
- INC_SC_SECONDARY_WAN_BGP_FLAP
- INC_SC_SECONDARY_WAN_PROXY_TUNNEL_DOWN
- INC_SC_SECONDARY_WAN_PROXY_TUNNEL_FLAP
- INC_SC_SECONDARY_WAN_TUNNEL_DOWN
- INC_SC_SECONDARY_WAN_TUNNEL_FLAP
- INC_SC_SITE_DOWN
- INC_SC_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- INC_SC_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- INC_ZTNA_CONNECTOR_APP_STATUS_DOWN
- INC_ZTNA_CONNECTOR_APP_STATUS_DOWN_PARTIAL
- INC_ZTNA_CONNECTOR_CPU_HIGH
- INC_ZTNA_CONNECTOR_MEMORY_HIGH
- INC_ZTNA_CONNECTOR_TUNNEL_DOWN
-
- AL_CIE_AGENT_DISCONNECT
- AL_CIE_DIRECTORY_DISCONNECT
- AL_MU_IP_POOL_CAPACITY
- AL_MU_IP_POOL_USAGE
- AL_RN_ECMP_BGP_DOWN
- AL_RN_ECMP_BGP_FLAP
- AL_RN_PRIMARY_WAN_BGP_DOWN
- AL_RN_PRIMARY_WAN_BGP_FLAP
- AL_RN_PRIMARY_WAN_TUNNEL_DOWN
- AL_RN_PRIMARY_WAN_TUNNEL_FLAP
- AL_RN_SECONDARY_WAN_BGP_DOWN
- AL_RN_SECONDARY_WAN_BGP_FLAP
- AL_RN_SECONDARY_WAN_TUNNEL_DOWN
- AL_RN_SECONDARY_WAN_TUNNEL_FLAP
- AL_RN_SITE_DOWN
- AL_RN_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_RN_SITE_LONG_DURATION_EXCEEDED_ CAPACITY
- AL_RN_SPN_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_SC_PRIMARY_WAN_BGP_DOWN
- AL_SC_PRIMARY_WAN_BGP_FLAP
- AL_SC_PRIMARY_WAN_TUNNEL_DOWN
- AL_SC_PRIMARY_WAN_TUNNEL_FLAP
- AL_SC_SECONDARY_WAN_BGP_DOWN
- AL_SC_SECONDARY_WAN_BGP_FLAP
- AL_SC_SECONDARY_WAN_TUNNEL_DOWN
- AL_SC_SECONDARY_WAN_TUNNEL_FLAP
- AL_SC_SITE_DOWN
- AL_SC_SITE_LONG_DURATION_CAPACITY_ EXCEEDED_THRESHOLD
- AL_SC_SITE_LONG_DURATION_EXCEEDED_CAPACITY
- AL_ZTNA_CONNECTOR_APP_STATUS_DOWN
- AL_ZTNA_CONNECTOR_APP_STATUS_DOWN_PARTIAL
- AL_ZTNA_CONNECTOR_CPU_HIGH
- AL_ZTNA_CONNECTOR_MEMORY_HIGH
- AL_ZTNA_CONNECTOR_TUNNEL_DOWN
- New Features in Incidents and Alerts
- Known Issues
Features in Prisma Access 3.1 Preferred and Innovation
This section lists the new features that are available
in Prisma Access 3.1, along with upgrade information and considerations
if you are upgrading from a previous Prisma Access version.
- Cloud Services Plugin 3.1
- Upgrade Considerations for 3.1 Prisma Access Releases
- Minimum Required Software Versions
- New Features—Prisma Access 3.1.2 Preferred and Innovation
- New Features—Prisma Access 3.1.1 Preferred and Innovation
- New Features—Prisma Access 3.1 Preferred
- New Features—Prisma Access 3.1 Innovation
- New Features—Prisma Access 3.1.1 Preferred and Innovation
Cloud Services Plugin 3.1
Prisma Access 3.1 uses a single plugin for both 3.1
Preferred or 3.1 Innovation. By default, the plugin will run 3.1
Preferred. To upgrade to 3.1 Innovation, reach out to your Palo
Alto Networks account representative and submit a request.
Upgrade Considerations for 3.1 Prisma Access Releases
To upgrade to Prisma Access 3.1 Preferred, use one of
the following upgrade paths.
To find your plugin version, select PanoramaCloud ServicesConfigurationService Setup in
Panorama and check the plugin version in the Plugin Alert area.
| Installed Cloud Services Plugin Version | Targeted 3.1 Version | Upgrade Path |
|---|---|---|
| Releases earlier than 2.2 Preferred | 3.1 Preferred |
|
| 2.2 Preferred | 3.1 Preferred |
Direct
upgrades from Prisma Access 2.2 to 3.1 are not supported. |
| All Prisma Access Releases | 3.1 Innovation | To upgrade to 3.1 Innovation, reach out
to your Palo Alto Networks account representative and submit a request.
The request will be reviewed internally and, if approved, your deployment
will be upgraded to 3.1 Innovation. |
Minimum Required Software Versions
For the minimum Panorama version that is supported with
Prisma Access 3.1, see Prisma Access and Panorama Version
Compatibility in the Palo Alto Networks Compatibility
Matrix.
If you have a Cloud Managed Prisma Access deployment, plugin
upgrades are not required; however, the GlobalProtect versions apply
to both Panorama and Cloud Managed versions of Prisma Access.
Prisma Access supports any GlobalProtect version that is not End-of-Life (EoL), including
5.1, 5.2, 5.3, and 6.0. A minimum of GlobalProtect 5.2.5 is required
for GlobalProtect App Log Collection
for Troubleshooting. The Autonomous DEM (ADEM) documentation has
the minimum GlobalProtect and Content Release versions required
for ADEM.
New Features—Prisma Access 3.1.2 Preferred and Innovation
The following features are added for Prisma Access 3.1.2
Preferred and Innovation. To find the new features for Cloud Managed
Prisma Access, see the new features list in
the Prisma Access Release Notes (Cloud
Managed).
To unlock the 3.1.2 features, use a minimum Cloud Services
plugin of 3.1.0-h50.
Feature | Description |
|---|---|
| Panorama 10.2.2 Support | Starting with the Cloud Services plugin version
of 3.1.0-h50, Prisma Access supports a Panorama version of 10.2.2. A
minimum Panorama version of 10.2.2-h1 is required. Do not install Panorama 10.2.2-h1 on the
Panorama that manages Prisma Access until after you have installed
a minimum hotfix plugin version of 3.1.0-h50. In addition, 10.2
Panorama versions lower than 10.2.2 (for example, 10.2.1), or 10.2.2
versions lower than 10.2.2-h1, are not supported for use with Prisma Access. If
you use a Panorama of 10.2.2 with Prisma Access, be aware of the
following PAN-OS Known Issues and Prisma Access Known Issues that are applicable to deployments
running Panorama 10.2.2-h1 with Prisma Access: You
can still use the Panorama versions as described in the Compatibility Matrix. |
| Support for RFC 6598 Addresses in Prisma Access Infrastructure IP Addresses | If your enterprise uses RFC 6598 IP addresses
as a part of your enterprise routable address space, you can use
that address space in the following Prisma Access infrastructure
IP addresses:
The
following functionality is not supported with RFC 6598 addresses: To
enable the use of 100.64.0.0/10 addresses in infrastructure addresses,
reach out to your Palo Alto Networks account representative or partner
and submit a request. An upgrade to 3.1 Innovation is required. |
| Block Incoming Connections from Specific Countries for GlobalProtect, Explicit Proxy, and Remote Network Deployments | Prisma Access allows you to create security
policy rules to block login attempts for Remote Network, Mobile
Users—GlobalProtect, and Mobile Users—Explicit Proxy deployments from
countries you specify. Prisma Access blocks incoming connections
from the countries you specify based on the geo location information from
the source IP address of the client. Block these countries
using the following combination of Rule names, tags, and actions: Rule
names:
Tag:
PA_predefined_embargo_rule Action: Drop To drop traffic
by country, specify one or more countries in the Source tab
of the security policy rule. |
Remapped Prisma Access Locations | To better optimize performance of Prisma Access
locations, the following locations are remapped to the Chile compute
location:
New deployments have the new remapping
applied automatically. If you have an existing Prisma Access deployment
that uses one of these locations and you want to take advantage
of the remapped compute location, follow the procedure to Add a new compute location to
a deployed Prisma Access location. |
New Features—Prisma Access 3.1.1 Preferred and Innovation
The following features are added for Prisma Access 3.1.1
Preferred and Innovation.
To unlock the 3.1.1 features, use a minimum Cloud Services
plugin of 3.1.0-h10.
Feature | Description |
|---|---|
| Dynamic DNS Registration Support for Mobile Users—GlobalProtect | Prisma Access supports the updating of enterprise
DNS servers with mobile users’ A (Address) and PTR (Pointer) records
using Dynamic DNS (DDNS) registration. This functionality allows
system administrators or user management software to access the
remote endpoint with FQDN for troubleshooting and software updates. |
New Features—Prisma Access 3.1 Preferred
The following table describes the new features that
are available with Prisma Access 3.1 Preferred.
Feature | Description |
|---|---|
| New Prisma Access Compute Location for Chile Location | To optimize performance and reduce latency,
Prisma Access adds a new compute location that is hosted in Chile
(South America West), and maps the Chile location to that compute
location. This new compute region is available as of March 28, 2022,
at 12 p.m. UTC. If you add Chile after you install the Cloud Services
3.1 plugin, Prisma Access associates the new compute location automatically.
If you are upgrading from an existing Prisma Access location, you
can use this procedure to
migrate to the new compute location for Chile. |
| Multitenant Support for New Cloud Managed Prisma Access Deployments | New Cloud Managed Prisma Access deployments
support multitenancy using a single cloud-based Prisma SASE Multitanant Cloud
Management Platform, which allows Managed Security Service Providers
(MSSPs) and distributed enterprises to manage the tenants and users
that you create for your Prisma Access instances, and to monitor
those instances. Alternatively, if you are a new customer but
not licensed as an MSSP, you can still use cloud-managed multitenancy
if you want to configure your new Prisma Access deployment into
a hierarchy of business verticals or geographic locations. |
| Support for CASB Bundle and Activation | Palo Alto Networks provides a SKU that allows
you to purchase and activate all the components required for the
cloud access security broker (CASB) security offering, which includes
the following products:
|
| Multitenant Support for Cloud Managed Explicit Proxy Deployments | New Cloud Managed Prisma Access deployments
will support using multitenancy in Explicit Proxy deployments, which
will allow managed security service providers to manage multiple
Prisma Access tenants from a single cloud-based Prisma SASE Multitenant
Platform. |
New Features—Prisma Access 3.1 Innovation
Version 3.1 Innovation includes all the features in
3.1 Preferred and adds the following features.
Feature | Description |
|---|---|
| Migration Support for Legacy Per-Location Bandwidth Model with QoS to Aggregate Bandwidth Model | If you use QoS with your current
Prisma Access remote network deployment and you allocate bandwidth
by location, you can migrate to an aggregate bandwidth
deployment (a deployment that allocates bandwidth by compute
location instead of Prisma Access location), while retaining your
existing QoS policies and profiles. Using the aggregate bandwidth
model, you allocate bandwidth at an aggregate level per compute location, and
Prisma Access dynamically allocates the bandwidth based on load
or demand per location. When you migrate to the allocated bandwidth
model, the bandwidth per location can change if you have multiple
locations onboarded in a single compute location; for
this reason, Palo Alto Networks recommends that
you change your QoS profiles to have a Class Bandwidth Type of Percentage. |
| Explicit Proxy Enhancements | In addition to the Explicit Proxy enhancements
described for 3.0 Preferred ,
Prisma Access offers the following additional enhancements for 3.0 Innovation:
|
| Multi-Cloud Vendor Redundancy for Service Connections | To provide additional redundancy for service
connections, Prisma Access will let you onboard active and backup
service connections from different cloud providers in the same location,
or from different Prisma Access compute locations. Prisma Access
provides you with a list of the supported in-country service
connections you can use as active and backup locations. |