Prisma Access
Prisma Access Internal Gateway (Panorama)
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Prisma Access Internal Gateway (Panorama)
Prisma Access
Internal Gateway (Panorama
)- Notice that there are no internal host detection and internal gateway configurations at present.
- Go to.PanoramaCloud ServicesConfigurationRemote NetworksSettings
- Enable Internal Gatewayand save the changes.(Optional)Enable Prisma Access Internal Host Detectionfor IPv4 if you don't want to use your own DNS server. You can enable the internal host detection only after you selectEnable Internal Gateway.When you enable the internal gateway, the remote network instances act as internal gateways. When you enable the internal host detection,Prisma Accesscreates PTR records on the remote network DNS proxy servers for the internal host detection process.When you enable the internal gateway,Prisma Accesscreates an internal gateway configuration in a remote network template.
- Go toand selectTemplatesNetworkGlobalProtectGatewaysRemote_Network_Template.You will find theGlobalProtect_Internal_Gatewaytemplate created for the internal gateway.
- Create an authentication profile for this remote network template similar to the authentication profile in the mobile user template.
- Select the remote network template,GlobalProtect_Internal_Gatewaytemplate, hyperlink.
- Go to.AuthenticationClient Authentication
- Edit the authentication profile details of theDEFAULTclient authentication.. Ensure to selectTemplateDeviceAuthentication ProfileMobile_User_Template.You can also view the authentication profile for the remote network template by selecting. SelectTemplatesDeviceAuthentication ProfileRemote_Network_Template.
- Create a device certificate for the remote network template similar to the device certificate in the mobile user template.
- Select the remote network template,GlobalProtect_Internal_Gateway, hyperlink.
- Go to.AgentClient Settings
- Select theDEFAULTconfiguration, and go toAuthentication Overridesettings.
- Edit theCertificate to Encrypt/Decrypt Cookiesettings, and create a new device certificate.. Ensure to selectTemplateDeviceCertificate ManagementCertificatesDevice CertificatesMobile_User_Template. TheDEFAULTconfiguration references theAuthentication Cookie CAcertificate. Follow the same hierarchy as the one inMobile_User_Templatefor successful authentication.You can also view the device certificate for the remote network template by selecting. SelectTemplateDeviceCertificate ManagementCertificatesDevice CertificatesRemote_Network_Template.
- Pushthe changes to mobile users and remote networks at the same time.