Prisma Access uses a shared ownership model. Palo Alto
Networks manages the underlying security infrastructure, ensuring
it is secure, resilient, up-to-date and available to you when you
need it. Your organization’s responsibility is to onboard locations
and users, push policies, update them, query logs, and generate
Palo Alto Networks manages the following parts of the security
infrastructure. In addition to the security infrastructure, Prisma
Access manages the cloud infrastructure
—We automatically scale the service when
you add service connections or remote networks, or when additional mobile
users log in to one or more gateways in a single region.
—We provision the infrastructure with
everything that is required.
—We monitor the service status and
keep it functioning.
Compute Location Mapping—Each Prisma Access location
is mapped to a security compute location based on optimized performance
and latency, which means that, unless otherwise modified by a system
administrator, the traffic in certain countries will be directed
to a defined compute location. See the Prisma Access Privacy Data Sheet for
the location-to-compute location mapping.
Your organization manages the following components of the security
—You manage the onboarding of mobile users.
—You manage the authentication of those
Mobile device management (MDM)—You can control your
organization's mobile devices that are protected with Prisma Access using
your own MDM software.
—You plan for and create
the policies in Panorama to use with Prisma Access.
Log analysis and forensics—Prisma Access provides
the logs; you provide the analysis and reporting, using integrated
tools provided by us or by another vendor.
—You provide the on-premises security
between micro-segmentations of your on-premises network. In some
deployments, you can also direct all traffic to be secured with
—You provide the network connectivity to
—You monitor the on-premises network’s status.
You provide the connectivity
to the Prisma Access gateway for mobile users (for example, provide
an ISP), and you also provide the on-premises devices used as the
termination points for the IPSec tunnels used by service connections
and remote network connections.
—You onboard the mobile users, HQ/Data center
sites, and branch sites.