Prisma Access
Use Explicit Proxy with GlobalProtect (or a Third-Party VPN)
Table of Contents
Use Explicit Proxy with GlobalProtect (or a Third-Party VPN)
See some examples of using GlobalProtect with Explicit
Proxy in a mobile users deployment.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You can combine Explicit Proxy with GlobalProtect or a third-party VPN:
- Explicit Proxy and GlobalProtect
- Use GlobalProtect in split tunnel mode to provide secure access to private apps only.
- Use explicit proxy to secure public apps, including internet traffic and external SaaS applications.
- Explicit Proxy and a Third-Party VPNIf you are using a VPN client for access to data center and private applications, you can continue to use that client to secure access to private apps while you use Explicit Proxy and a PAC file to secure access to public apps. You can deploy Explicit Proxy in a location close to your mobile users, which eliminates the need to backhaul traffic to your data center for web security.
The following figure shows a deployment using a GlobalProtect gateway along with Explicit Proxy.
GlobalProtect routes the traffic using the GlobalProtect client to the Palo Alto
Networks next-generation firewall. To configure this deployment, you create a split tunnel configuration in GlobalProtect,
allowing private apps to be secured with GlobalProtect and public apps to be secured
with Explicit Proxy. When configuration is complete, mobile users connect to the private
apps in your organization’s data center using GlobalProtect and connect to private
internet-based apps using Explicit Proxy.
If you have a third-party VPN, you can use it to connect to private
apps in the data center, while securing public apps using Explicit
Proxy, as shown in the following figure.
Get started: