Prisma Access Agent
Get Started with Prisma Access Agent
Table of Contents
Get Started with Prisma Access Agent
Configure and deploy the Prisma Access Agent in environments managed by Panorama for
secure remote access connectivity.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Prisma Access Agent provides secure connectivity for end users accessing corporate
resources through Panorama managed environments.
This guide walks you through the setup process, from initial configuration to
deployment and validation for Panorama Managed Prisma Access or NGFW
deployments. For
Panorama managed deployments, the agent integrates with existing Panorama
infrastructure to deliver consistent security policies and centralized management
for remote access scenarios.
For detailed requirements, see:
You can get started with the Prisma Access Agent in Panorama managed
deployments.
Get Started with Prisma Access Agent for Panorama Managed Deployments
Configure and deploy the Prisma Access Agent in environments managed by Panorama for
secure remote access connectivity.
Follow these steps to start configuring and deploying Prisma Access Agents in
Panorama Managed Prisma Access or NGFW deployments.
- Enable the Prisma Access Agent.
- If you don’t already have Strata Cloud Manager, enable it for managing Prisma Access Agent configurations:Follow the instructions in NGFW Support for Prisma Access Agent.Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature.Configure the infrastructure settings.
- Launch the Prisma Access Agent configuration interface.
- For Panorama Managed Prisma Access deployments:
- From Panorama, selecting .
![]()
- Navigate to the Prisma Access Agent Setup page by selecting .
- For Panorama Managed NGFW deployments:
- Log in to Strata Cloud Manager as the administrator.
- Navigate to the Prisma Access Agent Setup page by selecting .
Configure the Prisma Access Agent Domain Name (also known as the EPM FQDN) as specified here:Configure the following settings in Panorama:These configuration appears as read-only in the Prisma Access Agent configuration interface.![]()
Configure user authentication so that only legitimate Prisma Access Agent users have access to your services and applications.Configure Prisma Access Agent components.- Agent Settings: Configure basic agent parameters using Set Up the Prisma Access Agent.Gateways: Set up gateway configurations following Configure Gateways for the Prisma Access Agent.Staged Rollouts: Configure agent upgrade phases using Staged Rollouts for Prisma Access Agents.Global Settings: Configure application-wide settings using Configure General Global Settings for the Prisma Access Agent.For external or NGFW gateways, enable the Authentication Override Cookie and ensure the same certificate is used across all gateways using Configure a Certificate to Decrypt the Authentication Override Cookie.Forwarding Profiles: Set up traffic management using Set Up Forwarding Profiles to Manage Agent Traffic.Deploy and validate the agent.
- Download the Agent Package: Get the installation package using Download the Prisma Access Agent Package.Install the Agent: Deploy the agent on client devices using Install the Prisma Access Agent or Deploy the Prisma Access Agent using MDM software.Verify Functionality: Test agent connectivity and functionality using one of the following methods:
- Prisma Access Agent for Desktop Devices.
- Check the status of the agent, EPM, and tunnel using the Prisma Access Agent commands (PACli).
- For Panorama Managed Prisma Access deployments:
