Prisma Access Service Connections
    
Learn how service connections work in a Prisma Access deployment.

A service connection, also known as a Corporate Access Node (CAN), gives mobile users and users at remote networks access to private apps and resources, and lets your mobile users and remote networks communicate with each other.

In addition to service connections, Palo Alto Networks provides you with other services you can use to access private apps:

- ZTNA Connector—The Zero Trust Network Access (ZTNA) Connector lets you connect Prisma Access to your organization's private apps simply and securely. ZTNA Connector provides mobile users and users at branch locations access to your private apps using an automated secure tunnel. You can also automatically discover private apps for ZTNA to protect using the Cloud Identity Engine.
- Prisma Access—Colo-Connect allows you to use Prisma Access to secure private apps using a cloud interconnect that can provide high-bandwidth service connections.

Palo Alto Networks recommends always creating a service connection in your Prisma Access deployment. All service connections have these characteristics:

- A service connection allows access to the resources in your HQ or data center.
  - For example, if your security policy requires user authentication using an on-premises authentication service, such as your Active Directory, you will need to enable Prisma Access to access the corporate location where the service resides (and set up a service account that the service can use to access it). Similarly, if you have corporate resources that your remote networks and mobile users will need to access, you must enable Prisma Access to access the corresponding corporate network.
  - If you create service connections for this reason, you should plan for the service connections before implementing them.
- A service connection allows remote networks and mobile users to communicate with each other.
  - Even if you don’t need access to your HQ or data center, you might have a need to allow your mobile users to access your remote network locations. In this case, you can create a service connection with placeholder values. This is required because, while all remote network connections are fully meshed, mobile users connect to remote networks using the service connection in a hub-and-spoke network. For this reason, you might also create a service connection with placeholder values if your existing service connection is not in an ideal geographical location.
- Service connections do not support language localization because egress to the internet is not supported over service connections. Prisma Access allocates only one service endpoint address (either an FQDN or IP address) per service connection, and that IP address is geographically registered to the compute location that corresponds to the location you specify during onboarding.

The number of service connections you receive depends on your Prisma Access license.

- If you have a ZTNA or Enterprise license, the number of service connections depends on your License edition. If you have a Local edition, you can configure a maximum of two service connections; if you have a Worldwide edition, you can configure a maximum of five service connections.
  - The ZTNA Connector lets you connect Prisma Access to your organization's private apps. ZTNA Connector provides mobile users and users at branch locations access to your private apps using an automated secure tunnel. For more information, see Prisma Access ZTNA Connector.
- If you manage multiple tenants and have a ZTNA or Enterprise license, the number of service connections per tenant depends on the number of units you allocate per tenant and the type of license you have.
  - If you have a Global license and allocate at least 1,000 units for a tenant, you can allocate a maximum of five service connections for that tenant.
  - If you have a Global license and allocate between 200 and 999 units for a tenant, you can allocate a maximum of two service connections for that tenant (the same as the number of connections for a Local deployment).
  - If you have a Local license, you can allocate a maximum of two service connections per tenant, regardless of the number of units you allocate past the minimum of 200.