Workflows: Mobile Users
Where Can I Use This? | What Do I Need? |
|
- Prisma Access license
- Strata Logging Service license
|
Before configuring mobile users, ensure that you have the required licenses (Prisma Access license for mobile users and a Strata Logging Service license
with proper firewall storage space). If mobile users will be connecting to other
connected networks, you will need either the Zero Trust Network Access (ZTNA) or
Enterprise Edition Prisma Access license that will provide the corporate access node
(CAN) necessary to connect.
You will first choose your connection type, or you may use both GlobalProtect, explicit
proxy, or both. For both connection types, there are only a few required settings that
you need to fill out initially to enable Prisma Access to provision your mobile users'
environment.
Connect to Prisma Access.
Determine how mobile users in the location you’re setting up should connect to
Prisma Access. You can divide your mobile user license between
GlobalProtect and explicit proxy connections; some users can connect through
GlobalProtect and others through explicit proxy.
The GlobalProtect app installed on mobile user devices sends traffic to Prisma Access.
Set up the infrastructure.
Set up basic infrastructure settings and then configure the infrastructure
settings that are specific to your connection type (GlobalProtect or Explicit
Proxy).
A proxy auto-config (PAC) file on mobile user devices redirects browser
traffic to Prisma Access.
Choose the Prisma Access Location.
The map displays the global regions where you can deploy Prisma Access for Users:
North America, South America, Europe, Africa, Middle East, Asia, Japan, and ANZ
(Australia and New Zealand). In addition, Prisma Access provides multiple
locations within each region to ensure that your users can connect to a location
that provides a user experience tailored to the users’ locale. For the best
performance, Select All. Alternatively, select the specific locations within
each selected region where your users will need access. By limiting your
deployment to a single region, you can have more granular control over your
deployed regions and exclude regions required by your policy or industry
regulations.
Add the Prisma Access Locations.
Configure the settings to add the Prisma Access locations you want to support
your users.
Authenticate Mobile Users.
Set up User Authentication so that only legitimate users have access to your
services and applications. To test your setup, you can add users that Prisma Access authenticates locally, or you can go straight to setting up
enterprise-level authentication.
After you push your initial configuration to Prisma Access, Prisma Access begins
provisioning your mobile user environment. This can take up to 15 minutes. When your
mobile-user locations are up and running, you’ll be able to verify them on the Mobile
Users setup page, the Summary Overview page, and within Prisma Access Insights.