New Features - Prisma Access Agent - 26.1.1

Organizations with stringent security requirements need the ability to enforce periodic validation to ensure continuous trust verification of user identities. Prisma® Access Agent already delivers continuous trust verification today by seamlessly validating the user in the background without disrupting the end-user experience. Augmenting this capability, Prisma Access Agent now enables you to configure how frequently users are prompted to re-authenticate, with customizable intervals ranging from 10 hours to 30 days. You can set customizable warning timers to notify users before re-authentication is required, preventing unexpected disconnections and workflow disruption. The feature introduces a re-authentication frequency setting that controls user refresh token lifetime globally across your deployment. The gateway session timeout setting has been renamed for clarity and notification preferences are now managed at the global level.

For Dynamic Privilege Access-enabled Prisma Access Agents, you can enforce stricter security enforcement by enabling aggressive authentication, which forces immediate re-authentication when users connect or extend gateway sessions.

IPv6 dual-stack support for Prisma Access Agent enables you to steer both IPv4 and IPv6 traffic. You can configure forwarding profiles with IPv6 addresses alongside existing IPv4 rules to control how traffic reaches applications. This feature prepares your deployment for the growing adoption of IPv6 in enterprise networks while maintaining full IPv4 compatibility. You can access applications configured with IPv6 addresses and leverage IPv6 performance benefits by bypassing Carrier-Grade NAT limitations common on modern mobile networks. The agent creates a virtual adapter that will accommodate both IPv4 and IPv6 address pools configured on the gateway. Internal Host Detection is not supported at this time for IPv6, so only IPv4 reverse DNS queries can be made to determine when tunnel suppression is appropriate. The Endpoint Manager inventory displays IPv4 public and both IPv4 and IPv6 private addresses to assist with troubleshooting network connectivity issues.