Secure internet access for multinational organizations with branches in China through
explicit proxy.
Multinational organizations operating in China face unique challenges in securing
internet access for users and headless devices where VPN agents cannot be installed
due to compliance reasons or network restrictions.
Prisma® Access explicit proxy support in China addresses this critical need by
providing a secure internet gateway that works without requiring default route
changes to the infrastructure, while coexisting with VPN agents.
This solution also acts as a reliable proxy that complies with local
regulations while effectively managing internet access and safeguarding sensitive
information across endpoints. The explicit proxy support in China leverages AWS
infrastructure with a 1:1 architecture where each Envoy proxy is paired with a proxy
firewall virtual machine (VM). This architecture enables secure traffic handling
while accommodating the unique networking constraints.
When you implement this solution, users connecting from branch locations can
access the internet securely through the explicit proxy without having
GlobalProtect® clients installed. Additionally, headless devices such as IoT systems
or servers can route traffic through the proxy for security inspection. The
service integrates with your existing authentication methods, including SAML and
Kerberos, and supports the same Security policy rules you configure for your global
deployment. Palo Alto Networks NGFW capabilities securely inspect traffic,
with logs and telemetry available through the same management interface you use for
your global deployment. The architecture also supports routing specific domains to
Service Connection when needed, providing flexibility for accessing both internet
and private resources.