New Features - Prisma Access Agent - 26.2

Previously, installing Prisma® Access Agent on Linux automatically installed the Gnome AppIndicator extension and its dependencies to render the system tray icon, regardless of the desktop environment in use. This forced unneeded packages onto endpoints running KDE or other desktop environments. The installer now detects your desktop environment during installation and installs only the dependencies your environment requires.

On distributions running Gnome, the installer checks for the gnome-shell-extension-appindicator extension and installs it if it is not already present. On distributions running KDE, the agent uses the native KStatusNotifierItem protocol to render the system tray icon, with no additional packages installed. If your distribution uses a desktop environment other than Gnome or KDE, the installer proceeds without installing any UI dependencies and displays a warning that the system tray icon and UI pop-ups may not render correctly. The background agent services continue to function as expected.

This change applies to all supported Linux distributions as well as derivative distributions of supported parent families. You can find the installation procedure, including the warning messages you may encounter during installation, in Install the Prisma Access Agent on Linux.

Managing diverse infrastructure needs across corporate offices and remote work environments requires flexible traffic routing. Dynamic location-based steering addresses this challenge by enabling you to route traffic based on user physical location or network. When you deploy Prisma® Access Agent with this feature, the agent detects user location through Internal Host Detection or source IP address matching and applies the appropriate forwarding profile rules automatically.

You can configure different traffic steering behaviors for each office location in your forwarding profiles by adding user location as a matching criterion. This allows you to optimize traffic routing based on where users connect from, ensuring that security policies remain enforced while respecting local network infrastructure. The agent evaluates forwarding profile rules in priority order, matching traffic to the first rule where all criteria including user location are satisfied.

You might use this feature if your organization operates offices with varying network infrastructure or if you need to route traffic differently when users work from branch offices. You configure user locations in Strata Cloud Manager by defining detection criteria using either of the two supported methods, Internal Host Detection or source IP address lists, then reference those locations in your forwarding profile rules alongside existing criteria such as destination addresses and source applications.

You can overcome the challenge of reproducing intermittent endpoint issues by using event-triggered diagnostics for Prisma® Access Agent to automatically collect troubleshooting logs the exact moment a failure occurs. While you currently rely on periodic diagnostics collected daily or on-demand triggers initiated manually, this feature eliminates delays by capturing data instantly. Event-triggered diagnostics only occur when you configure Prisma Access Agent to collect endpoint insights. Once enabled, a watchdog service continuously monitors the endpoint and captures a diagnostic snapshot during predefined system events, such as agent disablement, slow tunnel connections, and IPSec to SSL tunnel fallback. When an event triggers, the system automatically captures the endpoint state and the preceding ten minutes of activity logs to preserve the precise temporal context of the failure. You use this contextual data to investigate and resolve complex connectivity problems.

You can now deploy Prisma® Access Agent for Linux on five additional distributions — Fedora 43, Oracle Linux 9.7, NixOS, and Red Hat Enterprise Linux (RHEL) 9.6 and 10.0 — closing coverage gaps for endpoints running these platforms without consistent zero trust protection. This expansion brings the full range of Prisma Access Agent capabilities to these distributions, including zero trust network access, network traffic inspection and policy enforcement, and centralized endpoint management through the same administrative workflows you use for your other supported Linux platforms.

Fedora 43 support extends coverage for endpoints running the latest Fedora release cycle, widely used in development and engineering environments. Oracle Linux 9.7 and RHEL 9.6 and 10.0 extend coverage to RHEL-compatible enterprise platforms used in data center and cloud deployments. NixOS support integrates all agent components — including the Prisma Access Agent service, command-line interface, and graphical interface — directly into your NixOS system through a dedicated installer script and configuration file, ensuring declarative management consistent with the NixOS philosophy.

You can deploy Prisma Access Agent across all five environments alongside existing Linux deployments, enabling consistent zero trust policy enforcement across your entire Linux fleet. The same management console, security policies, and administrative workflows that govern your other Linux endpoints apply to these distributions, ensuring uniform protection without endpoint migration.

The Prisma® Access Agent pre-logon device tunnel addresses security gaps when endpoint management depends solely on user login by establishing secure connectivity before user authentication. Previously, pre-logon functionality operated as a separate connection method with limited transition options. The pre-logon tunnel now works with both always-on and on-demand connections, allowing you to manage device and user connectivity independently.

You can now configure authentication profiles to support both SAML and certificate authentication. The agent uses device certificates during pre-logon state and applies your chosen authentication methods after users log into the operating system.

You control post-login behavior by configuring whether the device tunnel disconnects immediately upon OS login, within a specified timeout period, or persists until user authentication completes. Persistent mode ensures continuous endpoint connectivity and enables you to manage unattended systems, resolve remote password lockouts, deploy critical patches immediately upon boot, and support remote onboarding workflows.