Explicit Proxy is a reliable proxy solution that complies with local regulations while effectively managing internet access and safeguarding sensitive information across endpoints. And as of now, Prisma Access supports these proxy solutions in China, as well.

Multinational organizations operating in China face unique challenges in securing internet access for users and headless devices where VPN agents can't be installed due to compliance reasons or network restrictions. Prisma Access explicit proxy support in China addresses this need by providing a secure internet gateway that works without requiring default route changes to the infrastructure, while coexisting with VPN agents.

The explicit proxy support in China leverages AWS infrastructure with a 1:1 architecture where each Envoy proxy is paired with a proxy firewall virtual machine (VM). This architecture enables secure traffic handling while accommodating the unique networking constraints.

When you implement this solution, users connecting from branch locations can access the internet securely through the explicit proxy without having Global Protect clients installed. Additionally, headless devices such as IoT systems or servers can route traffic through the proxy for security inspection.

The service integrates with your existing authentication methods, including SAML and Kerberos, and supports the same Security policy rules you configure for your global deployment. Traffic is securely inspected using Palo Alto Networks NGFW capabilities, with logs and telemetry available through the same management interface you use for your global deployment. The architecture also supports routing specific domains to Service Connection when needed, providing flexibility for accessing both internet and private resources.