>
    Access Your Data Center Using Explicit Proxy
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Mobile Users
    4. Mobile Users: Explicit Proxy
    5. Access Your Data Center Using Explicit Proxy
    Download PDF
    Prisma Access

    Access Your Data Center Using Explicit Proxy

    Table of Contents

    Access Your Data Center Using Explicit Proxy

    This is how you use Explicit Proxy to access resources in your data center.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access
       5.1 Preferred
    • (For private and partner app access)
      GlobalProtect app
       version 6.2 for Windows or macOS
    You can use service connections to access resources in your data center, such as external dynamic lists or private and partner apps, while still benefiting from an Explicit Proxy connection.
    Make sure the private apps are not set as DIRECT in the PAC file.

    Access Your Data Center Using Explicit Proxy (
    Strata Cloud Manager
    )

    This is how you access your data center using
    Prisma Access
     Explicit Proxy in
    Strata Cloud Manager
    .
    3. Ensure that the
      DESTINATION
      Zones
       for internet-bound traffic is set to
      untrust
       instead of
      any
      .
      Failure to perform this step could result in unintended access to your data center.
      1. Select
        Manage
        Configuration
        NGFW and Prisma Access
        Configuration Scope
        Folders
        Prisma Access
        Mobile Users Container
        Explicit Proxy
        Security Services
        Security Policy
        .
      2. Open a rule for internet-bound traffic.
      3. Ensure
        Zones
         under
        DESTINATION
         is set to
        untrust
        .
      4. Repeat for all of your internet-bound traffic rules.
    4. Enable private application access.
      1. Select
        Workflows
        Prisma Access Setup
        Explicit Proxy
        Infrastructure Settings
        Enable Private App Access for Explicit Proxy
        .
    5. Create security policy rules for the data center resources you want to access.
      1. Select
        Manage
        Configuration
        NGFW and Prisma Access
        Configuration Scope
        Folders
        Prisma Access
        Mobile Users Container
        Explicit Proxy
        Security Services
        Security Policy
        .
      In rules for data center access, ensure
      Zones
       under
      DESTINATION
       is set to
      trust
      .

    Access Your Data Center Using Explicit Proxy (
    Panorama
    )

    Access resources hosted in your data center using
    Prisma Access
     Explicit Proxy.
    3. Configure zone mappings.
      1. Select
        Panorama
        Cloud Services
        Configuration
        Mobile Users - Explicit Proxy
        Zone Mapping
      2. Add the zones that you will use to access your data center resources to
        Trusted Zones
        .
    4. Ensure that the
      Destination ZONE
       in policy rules for internet-bound traffic is set to an untrust zone instead of
      any
      .
      Failure to perform this step could result in unintended access to your data center.
      1. Select
        Policies
        .
      2. Set the
        Device Group
         to
        Explicit_Proxy_Device_Group
        .
      3. Change the
        Destination ZONE
         from
        any
         to one of the untrust zones you configured in an earlier step.
    5. Enable private application access.
      1. Select
        Panorama
        Cloud Services
        Configuration
        Mobile Users - Explicit Proxy
        Settings
        Advanced
        Enable Private Application Access
    6. Create security policy rules for the data center resources you want to access.
      1. Select
        Policies
        .
      2. Set the
        Device Group
         to
        Explicit_Proxy_Device_Group
        .
      3. In rules for data center access, ensure that you use the
        Trusted
         zones you configured in an earlier step.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.