In cases where users are at a branch location
or HQ that is secured by an on-premises next-generation firewall
with user-based policies, and they need to access resources at another
branch location that you have secured with Prisma Access, you must
redistribute User-ID mappings from
the on-premises firewall to Prisma Access.