Learn about how traffic steering works with Prisma Access.
In standard Prisma Access deployments, a service connection
provides access to internal network resources, such as authentication
services and private apps in your headquarters or data center. Service
connections process internal traffic, where no internet access is
required. In some cases, you might want to redirect internet-bound
traffic to the data center. Traffic steering allows you to redirect mobile
user or remote network traffic to a service connection before it is
sent to the internet.
There are two action types supported with traffic steering:
Forward to the target: Use the criteria in traffic steering rules to
forward internet-bound traffic through a target you create that uses
one or more service connections.
Forward to the internet: Use the criteria in traffic steering rules to
forward traffic directly from its source (mobile user location or
remote network connection) to the internet, without forwarding it to
a service connection.
If you forward to a target, you can choose to create two types
of target groups: dedicated and non-dedicated.
A service connection that is used only for traffic steering-related
traffic is a dedicated service connection. To set a service
connection to be used as a dedicated service connection, select
might want to configure a dedicated service connection if you use
a third-party security stack that is outside of your organization’s
internal network to process traffic before it is sent to a public
SaaS application or the internet. Because the security stack is
not a part of your organization’s network, you don’t want this service
connection to process any internal network traffic.
A service connection that is used for traffic steering and
for standard service connection-related traffic (such as traffic
going to an authentication server in the data center) is a
Setting a service connection as a dedicated service connection
causes the following changes to your deployment: