New Features in Prisma Access 4.0

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Activation & Onboarding
Administration
Version
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
Integrations
Incidents & Alerts

Prisma Access Release Information

Changes to Default Behavior

New Features in Prisma Access 4.0

Where Can I Use This?	What Do I Need?
`Prisma Access (Managed by Strata Cloud Manager)` `Prisma Access (Managed by Panorama)`	`Prisma Access` license `Minimum Required Prisma Access Version` 4.0 Preferred

The following table describes the new features that are available with Prisma Access 4.0 Preferred.

Feature	Description
Prisma Access on the Strata Cloud Manager Platform	Prisma Access is supported on the Strata Cloud Manager platform. We'll be updating Prisma Access so that it is on the Strata Cloud Manager platform, alongside your other Palo Alto Networks products and subscriptions that are supported for unified management. If you've been using the Prisma Access app for Prisma Access Cloud Management or for Prisma Access monitoring and visibility features (including Autonomous DEM, Insights, and Activity dashboards and reports), the update to Strata Cloud Manager gives you a new management and visibility experience. Learn more: Learn more about Strata Cloud Manager What to expect when Prisma Access is updated to give you the new management experience Where are my Prisma Access features in Strata Cloud Manager? Prisma Access visibility and monitoringwith Strata Cloud Manager
Explicit Proxy Connectivity in GlobalProtect for Always-on Internet Security `May 22, 2023`	Prisma Access adds explicit proxy connectivity to its version 6.2 GlobalProtect app. With this introduction, end users are protected with always-on internet security while getting on-demand access to private apps, either via a third-party VPN or via GlobalProtect with Prisma Access or an on-premises NGFW. This capability enables you to: Easily replace 3rd party proxy solutions Co-exist with any 3rd-party VPN agents Support both browser-based and non-browser-based apps to secure internet traffic Simplify proxy deployments and achieve User-ID based enforcement for all traffic
Outbound Route Prefixes Increased to 500 `May 16, 2023`	When you specify the prefixes for which Prisma Access adds static routes for all service connections and remote network connections (PanoramaCloud ServicesConfigurationService SetupAdvancedOutbound Routes for the Service), you can now specify up to 500 outbound routes. Routes you specify here are routed to these prefixes over the internet. This increase was added to Panorama Managed Prisma Access with the 4.0.0-h20 Cloud Services plugin. Cloud Managed Prisma Access deployments support a maximum number of 10 outbound routes.
Integrate Prisma Access with Cisco Meraki SD-WAN `May 05, 2023`	Secure Cisco Meraki MX SD-WAN devices using Prisma Access (Cloud Management) with the latest simplified and automated tunnel creation, instead of onboarding them manually like in previous releases.
ZTNA Connector `April 18, 2023`	The Zero Trust Network Access (ZTNA) Connector lets you connect to your organization's private apps simply and securely. ZTNA Connector provides mobile users and users at branch locations access to your private apps using an automated secure tunnel, which eliminates the requirement of setting up IPSec tunnels and routing definitions to access the private apps. ZTNA Connector does not require any routing from the customer infrastructure and can provide access to applications that use overlapped IP addresses in your networks.
PAN-OS 10.2 Support `March 30, 2023`	Prisma Access allows you to take advantage of the following up-to-date security features that are offered with PAN-OS 10.2. including the following features: Review the PAN-OS 10.2 Upgrade Considerations before your dataplane upgrade and before upgrading your panorama to 10.2. PAN-OS 10.2 includes the following new features: Management Features: Selective Commit of Configuration Changes Policy Features: Security Policy Rule Top-Down Order When Wildcard Masks Overlap Content Inspection Features: Advanced Threat Prevention: Inline Cloud Analysis Domain Fronting Detection Decryption Features: Multiple Certificate Support for SSL Inbound Inspection URL Filtering Features: Inline Deep Learning Analysis for Advanced URL Filtering HTTP Header Expansion Enterprise Data Loss Prevention Features: Web Form Data Inspection for Enterprise Data Loss Prevention You must have a Panorama appliance running 10.2 to take advantage of the 10.2 features in Prisma Access.
Support for 400 Remote Network Sites per IPSec Termination Node `March 30, 2023`	Prisma Access 3.2 brought you high-bandwidth 1Gbps remote networks. Now, Prisma Access 4.0 raises the previous limit of 250 sites per IPSec termination node to 400 sites per IPSec termination node.
Support for 15,000 Branch Sites in a Single Tenant `March 30, 2023`	Prisma SASE can support up to 15,000 Branch sites in one tenant. If you require more than 15,000 branch sites, you can take advantage of Prisma SASE's multi-tenant capability built for distributed global enterprises and MSPs with support for an effective unlimited number of remote users.
Third-Party Data Source Support for Device-ID `March 30, 2023`	You can leverage IP address-to-device mappings from third-party IoT detection sources to simplify the task of identifying and closing security gaps for devices in your network. Third-Party Device-ID enables Prisma Access to obtain and use information from third-party IoT visibility solutions through the Cloud Identity Engine for device visibility and control.
New Prisma Access locations With Local Zones `March 30, 2023`	Prisma Access adds locations that are in local zones. These locations have their own compute locations. The following locations are supported: Australia West (Perth) US-Central (Chicago) US-Southeast (Miami) You onboard local zones in the same way as any other Prisma Access location, and the local zones are available in Mobile Users—GlobalProtect, Remote Network, and Service Connection deployments. The local zone locations are denoted with two asterisks for Panorama Managed deployments and are denoted as a Local Zone in Cloud Managed deployments. Keep in mind the following guidelines when deploying local zones: Local zone locations do not support IPv6. Local zone locations do not use Palo Alto Networks registered IP addresses. 1 Gbps support for remote networks is not supported. Remote network and service connection node redundancy across availability zones is not available if you deploy them in the same local zone, as both nodes are provisioned in a single zone. These local zones do not use Palo Alto Networks registered IPs. If you have problems accessing URLs, report the website issue using https://reportasite.gpcloudservice.com/ or reach out to Palo Alto Networks support. Some SaaS applications might experience a higher latency in local zones when compared with non-local zone locations.
Support for RFC 6598 Addresses in Prisma Access Infrastructure IP Addresses `March 30, 2023`	If your enterprise uses RFC 6598 IP addresses as a part of your enterprise routable address space, you can use that address space in the following Prisma Access infrastructure IP addresses: Secure Inbound Access to Remote Network Locations Overlapping Subnets with Remote Network Locations Traffic Steering Infrastructure subnet IP addresses IP address pools Static subnets used for service connections and remote networks To enable the use of 100.64.0.0/10 addresses in infrastructure addresses, reach out to your Palo Alto Networks account representative or partner and submit a request. Clientless VPN is not supported with RFC 6598 addresses. If you implement this support, you can no longer use the 169.254.0.0/16 subnet for infrastructure addresses. You cannot specify Outbound Routes for the Service for service connections if those service connections use RFC 6598 addresses.
New and Updated Prisma Access Locations `March 30, 2023`	New Prisma Access Locations To better accommodate worldwide deployments and provide enhanced local coverage, adds the following new locations: Ghana (added to the Europe Northwest compute location) Guatemala (added to the US East compute location) Latvia (added to the Belgium compute location) US Central West (added to the new US Central West compute location) Uruguay (added to the South America West compute location) Uganda (added to the Switzerland compute location)
	New Explicit Proxy Locations Prisma Access supports the following new locations for explicit proxy: US Central West Poland Israel
	New and Renamed Prisma Access Compute Locations and Remapped Locations To better optimize performance of Prisma Access, we've made these updates to compute locations: (Remapped) Poland—The Poland location is moving to the Europe Central (Warsaw) compute location. (New) US Central West—The new US Central West location uses the US Central West compute location. New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.

Prisma Access Release Information

Changes to Default Behavior

Prisma Access Docs

New Features in Prisma Access 4.0

Prisma Access Docs

New Features in Prisma Access 4.0

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner

Translated Documents