Changes to Default Behavior
The following tables detail the changes in default behavior
for the Cloud Services Plugin version 3.0 Innovation and Preferred.
Changes to Default Behavior—Prisma Access 3.0 Preferred
The following table details the default behavior changes
for 3.0 Preferred.
Component | Change |
|---|---|
QoS Profile Requirements for Remote Networks
that Allocate Bandwidth by Compute Location | If your remote network deployment allocates
bandwidth by compute location and
you want to implement QoS for traffic marking and shaping for remote networks
after you upgrade to Prisma Access 3.0 Preferred, be sure to use
a Class Bandwidth Type of Percentage instead
of Mbps in your QoS profiles. Prisma Access
does not support bandwidth types of Mbps in
QoS profiles for deployments that allocate bandwidth by compute location. |
WildFire India Cloud Support Changes | Because of the remapping of the Prisma Access
India locations to the WildFire India Cloud (in.wildfire.paloaltonetworks.com),
make a note of the following changes:
|
Exclude Video Traffic from the Global Protect
Tunnel (Windows and MACOS only) Enabled by Default for New Mobile
User - Global Protect Deployments | New Prisma Access Mobile User—GlobalProtect
deployments will enable the exclude video traffic applications
from the VPN tunnel option for Windows and MacOS GlobalProtect
agents. The video applications that will be excluded from the GlobalProtect
tunnel are: Dailymotion, Hulu, Netflix, YouTube, Sling, Vimeo, Xfinity
TV, and Youku. For Cloud Managed Prisma Access deployments,
this feature is automatically enabled. For Prisma Access Panorama
Managed deployments, Prisma Access enables . |
Prisma Access UI and New Compute Location
Names | As a result of the compute location additions
being added for 3.0, the Prisma Access UI will reflect the following
remote network compute location-to-location remapping:
|
Data Redistribution Agents on Mobile User
Template Do Not Support IP User Mappings and HIP Data Types | If you configure a Data Redistribution Agent ()
on the Mobile_User_Template, do not specify the IP User Mappings
and HIP Data types. A data redistribution agent is not required
to distribute User-to-IP address and HIP mapping to the mobile user
gateways, because this information is learned directly from the
GlobalProtect app. |
Changes to Default Behavior—Prisma Access 3.0 Innovation
Prisma Access 3.0 Innovation has all the changes to
default behavior as 3.0 Preferred and
includes the following additional changes to default behavior.
Component | Change |
|---|---|
PAN-OS Dataplane Considerations for Prisma
Access 3.0 Innovation Upgrades | If you are currently running Prisma Access 2.2
Preferred release and want to upgrade to 3.0 Innovation, your dataplane
will change from 10.0 to 10.1. Before Palo Alto Networks upgrades your dataplane,
you should check the Changes to Default Behavior and Upgrade/Downgrade Considerations for
PAN-OS 10.1. In addition, check that your IKE cryptographic cipher suites are compliant
with the 10.0 dataplane and be sure to set Authentication to None if
you use an AES-GCM algorithm for encryption in an IKE crypto profile. |
