Get Started with Prisma Access Agent
Focus
Focus
Prisma Access Agent

Get Started with Prisma Access Agent

Table of Contents

Get Started with Prisma Access Agent

Configure and deploy the Prisma Access Agent in environments managed by Panorama for secure remote access connectivity.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Panorama)
  • Check the prerequisites for the deployment you're using
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
Prisma Access Agent provides secure connectivity for end users accessing corporate resources through Panorama managed environments. This guide walks you through the setup process, from initial configuration to deployment and validation for Panorama Managed Prisma Access or NGFW deployments. For Panorama managed deployments, the agent integrates with existing Panorama infrastructure to deliver consistent security policies and centralized management for remote access scenarios.
For detailed requirements, see:
You can get started with the Prisma Access Agent in Panorama managed deployments.

Get Started with Prisma Access Agent for Panorama Managed Deployments

Configure and deploy the Prisma Access Agent in environments managed by Panorama for secure remote access connectivity.
Follow these steps to start configuring and deploying Prisma Access Agents in Panorama Managed Prisma Access or NGFW deployments.
  1. Enable the Prisma Access Agent.
    1. If you don’t already have Strata Cloud Manager, enable it for managing Prisma Access Agent configurations:
      Follow the instructions in NGFW Support for Prisma Access Agent.
    2. Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature.
  2. Configure the infrastructure settings.
    1. Launch the Prisma Access Agent configuration interface.
      • For Panorama Managed Prisma Access deployments:
        1. From Panorama, selecting PanoramaCloud ServicesPrisma Access AgentLaunch Prisma Access Agent.
        2. Navigate to the Prisma Access Agent Setup page by selecting WorkflowsPrisma Access AgentSetup.
      • For Panorama Managed NGFW deployments:
        1. Log in to Strata Cloud Manager as the administrator.
        2. Navigate to the Prisma Access Agent Setup page by selecting WorkflowsPrisma Access AgentSetup.
    2. Configure the Prisma Access Agent Domain Name (also known as the EPM FQDN) as specified here:
    3. Configure the following settings in Panorama:
      These configuration appears as read-only in the Prisma Access Agent configuration interface.
  3. Configure user authentication so that only legitimate Prisma Access Agent users have access to your services and applications.
  4. Configure Prisma Access Agent components.
    1. Agent Settings: Configure basic agent parameters using Set Up the Prisma Access Agent.
    2. Gateways: Set up gateway configurations following Configure Gateways for the Prisma Access Agent.
    3. Staged Rollouts: Configure agent upgrade phases using Staged Rollouts for Prisma Access Agents.
    4. Global Settings: Configure application-wide settings using Configure General Global Settings for the Prisma Access Agent.
      For external or NGFW gateways, enable the Authentication Override Cookie and ensure the same certificate is used across all gateways using Configure a Certificate to Decrypt the Authentication Override Cookie.
    5. Forwarding Profiles: Set up traffic management using Set Up Forwarding Profiles to Manage Agent Traffic.
  5. Deploy and validate the agent.
    1. Download the Agent Package: Get the installation package using Download the Prisma Access Agent Package.
    2. Install the Agent: Deploy the agent on client devices using Install the Prisma Access Agent or Deploy the Prisma Access Agent using MDM software.
    3. Verify Functionality: Test agent connectivity and functionality using one of the following methods: