Prisma Access
New Features in Prisma Access 4.0
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
New Features in Prisma Access 4.0
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The following table describes the new features that are available with Prisma Access 4.0
Preferred.
Feature
|
Description
|
---|---|
Prisma Access on the Strata Cloud Manager Platform |
Prisma Access is now supported on the new Strata Cloud Manager
platform. We'll be updating Prisma Access so that it is on the
Strata Cloud Manager platform, alongside your other Palo Alto
Networks products and subscriptions that are supported for unified
management. If you've been using the Prisma Access app for Prisma
Access Cloud Management or for Prisma Access monitoring and
visibility features (including Autonomous DEM, Insights, and
Activity dashboards and reports), the update to Strata Cloud Manager
gives you a new management and visibility experience.
Learn more:
|
Explicit Proxy Connectivity in GlobalProtect for
Always-on Internet Security May 22, 2023 |
Prisma Access adds explicit proxy
connectivity to its version 6.2 GlobalProtect app. With
this introduction, end users are protected with always-on internet
security while getting on-demand access to private apps, either via
a third-party VPN or via GlobalProtect with Prisma Access or an
on-premises NGFW. This capability enables you to:
|
Outbound Route Prefixes Increased to 500 May
16, 2023 |
When you specify the prefixes for which Prisma Access adds static
routes for all service connections and remote network connections (PanoramaCloud ServicesConfigurationService SetupAdvancedOutbound Routes for the Service), you can now specify up to 500 outbound routes.
Routes you specify here are routed to these prefixes over the
internet.
This increase was added to Panorama Managed
Prisma Access with the 4.0.0-h20 Cloud Services plugin. Cloud
Managed Prisma Access deployments support a maximum number of 10
outbound routes. |
Integrate Prisma Access with Cisco Meraki
SD-WAN May 05, 2023 |
Secure Cisco Meraki MX SD-WAN
devices using Prisma Access (Cloud Management) with the
latest simplified and automated tunnel creation, instead of
onboarding them manually like in previous releases.
|
ZTNA Connector April 18,
2023 | The Zero Trust Network Access (ZTNA) Connector lets you connect to your organization's private apps simply and securely. ZTNA Connector provides mobile users and users at branch locations access to your private apps using an automated secure tunnel, which eliminates the requirement of setting up IPSec tunnels and routing definitions to access the private apps. ZTNA Connector does not require any routing from the customer infrastructure and can provide access to applications that use overlapped IP addresses in your networks. |
PAN-OS 10.2 Support March 30,
2023 |
Prisma Access allows you to take advantage of the following
up-to-date security features that are offered with PAN-OS 10.2. including
the following features:
Review the PAN-OS 10.2 Upgrade
Considerations before your dataplane upgrade and before
upgrading your panorama to 10.2.
PAN-OS 10.2 includes the following new features:
You must have a Panorama appliance running 10.2 to take advantage of
the 10.2 features in Prisma Access.
|
Support for 400 Remote Network Sites per IPSec
Termination Node March 30, 2023 | Prisma Access 3.2 brought you high-bandwidth 1Gbps remote networks. Now, Prisma Access 4.0 raises the previous limit of 250 sites per IPSec termination node to 400 sites per IPSec termination node. |
Support for 15,000 Branch Sites in a Single
Tenant March 30, 2023 | Prisma SASE can support up to 15,000 Branch sites in one tenant. If you require more than 15,000 branch sites, you can take advantage of Prisma SASE's multi-tenant capability built for distributed global enterprises and MSPs with support for an effective unlimited number of remote users. |
Third-Party Data Source Support for
Device-ID March 30, 2023
|
You can leverage IP address-to-device
mappings from third-party IoT detection sources to
simplify the task of identifying and closing security gaps for
devices in your network. Third-Party Device-ID enables Prisma Access
to obtain and use information from third-party IoT visibility
solutions through the Cloud Identity Engine for device visibility
and control.
|
New Prisma Access locations With Local
Zones March 30, 2023 |
Prisma Access adds locations that are in local zones. These locations
have their own compute locations. The following locations are
supported:
You onboard local zones in the same way as any other Prisma Access
location, and the local zones are available in Mobile
Users—GlobalProtect, Remote Network, and Service Connection
deployments. The local zone locations are denoted with two asterisks
for Panorama Managed deployments and are denoted as a
Local Zone in Cloud Managed deployments.
Keep in mind the following guidelines when deploying local zones:
|
Support for RFC 6598 Addresses in Prisma Access Infrastructure IP
Addresses March 30, 2023 |
If your enterprise uses RFC 6598 IP addresses as a part of your
enterprise routable address space, you can use that address space in
the following Prisma Access infrastructure IP addresses:
To enable the use of 100.64.0.0/10 addresses in infrastructure
addresses, reach out to your Palo Alto Networks account
representative or partner and submit a request.
Clientless VPN is not supported with RFC 6598 addresses.
If you implement this support, you can no longer use the 169.254.0.0/16
subnet for infrastructure addresses.
You cannot specify Outbound
Routes for the Service for service connections if
those service connections use RFC 6598 addresses. |
New and Updated Prisma Access
Locations March 30, 2023 |
New Prisma Access Locations
To better accommodate worldwide deployments and provide enhanced
local coverage, adds the following new locations:
|
New Explicit Proxy Locations
Prisma Access supports the following new locations for explicit
proxy:
| |
New and Renamed Prisma Access Compute Locations and Remapped
Locations
To better optimize performance of Prisma Access, we've made these
updates to compute locations:
New deployments have the new remapping applied automatically. If you
have an existing Prisma Access deployment that uses one of these
locations and you want to take advantage of the remapped compute
location, follow the procedure to add a new compute location to a
deployed Prisma Access location.
|