Learn how traffic forwarding works to ensure robust security and efficient traffic
management for Prisma Access Agents.
The Prisma Access Agent manages traffic forwarding through a local proxy system. The
local proxy is enabled when the Prisma Access Agent is installed and remains
operational until you uninstall the agent. Its primary function is to intercept and
manage all network connections.
When the local proxy intercepts a connection, it communicates with a routing
component within the Prisma Access service (PASrv). This communication includes
crucial details about the connection, such as the source application, destination,
and protocol.
The routing component then chooses one of three actions for the connection: allow
it to proceed normally, block it entirely, or redirect it through a specified
network path. A block response terminates the connection. A redirect can force the
connection through a specific network interface, which can be either a virtual
tunnel or a physical network adapter.
The routing decisions are implemented within the core of the system, which manages
the forwarding profile rules and determines the appropriate action for each
connection based on these rules. Additionally, the Prisma Access Agent includes a
separate component that handles inbound connections and ICMP traffic in a similar
manner.
Forwarding profiles handle ICMP traffic selectively. When a tunnel is active,
unbound ICMP traffic is routed through it, tunnel-bound ICMP packets are allowed,
and all other ICMP traffic is blocked. When the tunnel is disconnected, all ICMP
traffic passes.
This approach ensures that the Prisma Access Agent effectively manages and controls
network traffic on macOS and Windows endpoints, providing robust security and
traffic management capabilities.
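The decision flow and ICMP handling described above, modelled as an added Python example; it is not Palo Alto Networks code and does not reflect the product's actual rule format. The Rule fields, first-match ordering, default allow, the reading of "unbound" as "not bound to any interface", and the interface names (tunnel0, eth0) are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

TUNNEL = "tunnel0"  # hypothetical name for the agent's virtual tunnel interface

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not the product's schema
    app: str    # glob on the source application
    dest: str   # glob on the destination host
    proto: str  # "tcp", "udp" or "*"
    action: str  # "allow", "block" or "redirect"
    interface: Optional[str] = None  # only meaningful for "redirect"

def decide(rules, app, dest, proto):
    """Return (action, interface) for one intercepted connection.
    Assumption: rules are evaluated in order and the first match wins."""
    for r in rules:
        if fnmatch(app, r.app) and fnmatch(dest, r.dest) and r.proto in ("*", proto):
            return r.action, (r.interface if r.action == "redirect" else None)
    return "allow", None  # assumed default when no rule matches

def decide_icmp(tunnel_connected, bound_interface):
    """ICMP handling as the text describes it.
    Assumption: bound_interface is None for unbound ICMP traffic."""
    if not tunnel_connected:
        return "allow", None       # all ICMP passes while the tunnel is down
    if bound_interface is None:
        return "redirect", TUNNEL  # unbound ICMP is routed through the tunnel
    if bound_interface == TUNNEL:
        return "allow", None       # tunnel-bound ICMP is allowed
    return "block", None           # ICMP bound to any other interface

RULES = [  # constructed sample profile
    Rule("*", "*.blocked.example", "*", "block"),
    Rule("backup.exe", "*", "tcp", "redirect", "eth0"),
    Rule("*", "*.corp.example", "*", "redirect", TUNNEL),
]
```

Note that in this model the disconnected-tunnel branch allows every ICMP packet, so ICMP filtering applies only while the tunnel is up.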
Running the pacli disable command, which disables the Prisma Access Agent, also
disables the local proxy.