How Traffic Management Works in Prisma Access Agent

Learn how traffic forwarding works to ensure robust security and efficient traffic management for Prisma Access Agents.
Where Can I Use This?
  • Strata Cloud Manager Managed Prisma Access
What Do I Need?
  • Check the prerequisites for the deployment you're using
  • Minimum required Prisma Access Agent version: 25.3.0.43
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
The Prisma Access Agent manages traffic forwarding through a local proxy system. The local proxy is enabled when the Prisma Access Agent is installed and remains operational until you uninstall the agent. Its primary function is to intercept and manage all network connections.
When the local proxy intercepts a connection, it communicates with a routing component within the Prisma Access service (PASrv). It passes along details about the connection, such as the source application, destination, and protocol.
The routing component then handles the connection in one of three ways: it allows the connection to proceed normally, blocks it entirely, or redirects it through a specified network path. A block response terminates the connection. A redirect can force the connection through a specific network interface, which can be either a virtual tunnel or a physical network adapter.
The routing decisions are implemented within the core of the system, which manages the forwarding profile rules and determines the appropriate action for each connection based on these rules. Additionally, the Prisma Access Agent includes a separate component that handles inbound connections and ICMP traffic in a similar manner.
Forwarding profiles handle ICMP traffic selectively. With an active tunnel, unbound ICMP traffic routes through it. Tunnel-bound ICMP packets are allowed, while others are blocked. All ICMP traffic passes when the tunnel is disconnected.
This approach ensures that the Prisma Access Agent effectively manages and controls network traffic on macOS and Windows endpoints, providing robust security and traffic management capabilities.
Running the pacli disable command, which disables the Prisma Access Agent, also disables the local proxy.