If you'd like to enable Private Source IP based visibility
and enforcement on Explicit Proxy in your Prisma Access environment,
get in touch with your account team to learn more.
Prisma Access
license
Use Explicit Proxy to secure mobile users by redirecting browser traffic to Prisma Access.
Onboarding Guidelines
—Use the following guidelines when you license and onboard
your Explicit Proxy deployment:
Explicit Proxy supports a subset of Prisma Access
locations.
You cannot add locations that are denoted with two asterisks; these are Local Zones
and are not supported with Prisma Access.
If you have a Local or Evaluation license for Prisma Access for Users and you
have a Mobile Users—GlobalProtect deployment as well as a Mobile Users—Explicit
Proxy deployment, you can deploy a maximum of five locations for each (five
locations maximum for Mobile Users—GlobalProtect and five locations maximum for
Mobile Users—Explicit Proxy). If you have a Worldwide license, there are no
restrictions for the maximum number of locations.
Explicit Proxy supports multitenancy under the following conditions: if you have
an existing Prisma Access non-multitenant deployment and convert it to a multitenant
deployment, only the first tenant (the tenant you migrated) supports
Explicit Proxy. Any subsequent tenants you create for the multitenant deployment
after the first do not support Explicit Proxy.
When onboarding an Explicit Proxy deployment, Palo Alto Networks recommends that
all the configuration be performed in a single browser. You can, however, add
security policies from multiple browsers or browser sessions.
URL filtering actions of
continue
or
override
are not supported and do not work with Explicit
Proxy.
