Changes to Default Behavior
The following tables detail the changes in default behavior for the Cloud Services Plugin version 3.0 Innovation and Preferred.
Changes to Default Behavior—Prisma Access 3.0 Preferred
The following table details the default behavior changes for 3.0 Preferred.
QoS Profile Requirements for Remote Networks that Allocate Bandwidth by Compute Location
If your remote network deployment allocates bandwidth by compute location and you want to implement QoS for traffic marking and shaping for remote networks after you upgrade to Prisma Access 3.0 Preferred, be sure to use a
Class Bandwidth Typeof
Mbpsin your QoS profiles. Prisma Access does not support bandwidth types of
Mbpsin QoS profiles for deployments that allocate bandwidth by compute location.
WildFire India Cloud Support Changes
Because of the remapping of the Prisma Access India locations to the WildFire India Cloud (in.wildfire.paloaltonetworks.com), make a note of the following changes:
Exclude Video Traffic from the Global Protect Tunnel (Windows and MACOS only) Enabled by Default for New Mobile User - Global Protect Deployments
New Prisma Access Mobile User—GlobalProtect deployments will enable the exclude video traffic applications from the VPN tunnel option for Windows and MacOS GlobalProtect agents. The video applications that will be excluded from the GlobalProtect tunnel are: Dailymotion, Hulu, Netflix, YouTube, Sling, Vimeo, Xfinity TV, and Youku.
For Cloud Managed Prisma Access deployments, this feature is automatically enabled. For Prisma Access Panorama Managed deployments, Prisma Access enables
Exclude video traffic from the tunnel (Windows and macOS only)
Prisma Access UI and New Compute Location Names
As a result of the compute location additions being added for 3.0, the Prisma Access UI will reflect the following remote network compute location-to-location remapping:
Data Redistribution Agents on Mobile User Template Do Not Support IP User Mappings and HIP Data Types
If you configure a Data Redistribution Agent (
) on the Mobile_User_Template, do not specify the IP User Mappings and HIP Data types. A data redistribution agent is not required to distribute User-to-IP address and HIP mapping to the mobile user gateways, because this information is learned directly from the GlobalProtect app.
Changes to Default Behavior—Prisma Access 3.0 Innovation
Prisma Access 3.0 Innovation has all the changes to default behavior as 3.0 Preferred and includes the following additional changes to default behavior.
PAN-OS Dataplane Considerations for Prisma Access 3.0 Innovation Upgrades
If you are currently running Prisma Access 2.2 Preferred release and want to upgrade to 3.0 Innovation, your dataplane will change from 10.0 to 10.1. Before Palo Alto Networks upgrades your dataplane, you should check the Changes to Default Behavior and Upgrade/Downgrade Considerations for PAN-OS 10.1.
In addition, check that your IKE cryptographic cipher suites are compliant with the 10.0 dataplane and be sure to set
Noneif you use an AES-GCM algorithm for encryption in an IKE crypto profile.
Recommended For You
Recommended videos not found.