Prisma Access enables you to extend the Palo
Alto Networks security platform out to your remote network locations
and your mobile users without having to build out your own global
security infrastructure and expand your operational capacity. In
cases where you have already deployed GlobalProtect gateways in
regions where you already have the infrastructure to manage it,
you can leverage this investment by configuring Prisma Access to
direct mobile users to your existing external gateways when appropriate.
You cannot use your own portal
with Prisma Access. You can only use the portal that is deployed
when your Prisma Access for mobile users is provisioned.
configure one of these hybrid Prisma Access deployments, you must
edit the GlobalProtect_Portal configuration within the Mobile_User_Template
to add your on-premise gateways to the appropriate regions:
Edit the Prisma Access portal configuration.
To add an existing gateway to the list of
available gateways, select
edit the Prisma Access portal configuration.
Add your on-premise gateway to the list of gateways in
the agent configuration.
and select the
a new one.
you add a new agent configuration and you want to add the Prisma
Access gateways to the list of external gateways in that configuration,
you must set the
GP cloud service
You must enter these values exactly as shown, and you cannot use
either of these values for non-Prisma Access gateways.
of the gateway
and specify either the
of the gateway in the
value must exactly match the common name (CN) in the gateway certificate.
) If you want mobile users to only
connect to the gateway when they are in the corresponding region,
to restrict the gateway to. For example, if you
have a gateway in France, you would select FR (France). If you have
a gateway in Sweden, you would select (SE) Sweden.
One benefit of this is that users will then be able to
access a gateway that enables access to internet resources in their
Configure other agent settings as necessary
to complete the agent configuration.
to save the portal
Commit all your changes to Panorama and push the configuration
changes to Prisma Access.