Prisma Access Shared Management Model

Learn what aspects of Prisma Access you need to manage and what aspects Palo Alto Networks manages for you.
With Prisma Access you can ensure consistent security across all of your geographic locations and your expanding mobile workforce without the operational overhead of having to deploy equipment and manage it all over the world. However, only you know how to best secure your users and your most valuable resources and sensitive applications. To enable you to have full control over your security policy without the responsibility of deploying and maintaining the infrastructure, Prisma Access employs a shared management model. The following table defines the shared management ownership responsibilities:
Management of...
Palo Alto Networks Responsibility
Your Responsibility
Cortex Data Lake
Maintaining the logging infrastructure and delivery of Prisma Access logs.
Purchasing the appropriate amount of log storage.
OS Updates in the Prisma Access Infrastructure
Upgrading all security processing nodes in your Prisma Access instance.
Content Updates
Keeping all security processing nodes in your Prisma Access instance up-to-date with the latest content updates.
Reviewing the content release notes and understanding how new or updated App-IDs impact your policy.
Users
Deploying security processing nodes in the selected locations.
Onboarding mobile users and providing mobile device connectivity to the user gateways (for example, providing an ISP).
User Authentication
Configuring enterprise authentication.
Mobile Device Management (MDM)
(Optional)
Managing mobile user devices with your own MDM.
Fault Tolerance
Guaranteeing the availability of the service in all locations.
Auto Scaling
Automatically scaling the service whenever you add service connections or branch networks (or add bandwidth at a branch), or when needed to support the number of mobile users in a given region and location.
Provisioning
Provisioning security processing nodes as needed to support your licensed Prisma Access services.
Policy Management and Creation
(Cloud Managed only)
Creating best practice internet access security policy rules and security profiles.
Creating granular security policy and policy objects.
Log Analysis and Forensics
Generating logs.
Analyzing logs, running reports, configuring log forwarding, and integrating with other log analysis tools.
On-premise Security
Securing between micro-segmentations of your on-premise network. In some deployments, you can also direct all traffic to Prisma Access to secure it.
Networking
Establishing full-mesh networking within the Prisma Access infrastructure, as well as secure internet access.
Providing an IPSec-capable device at each branch and corporate network you plan to connect to Prisma Access.
Monitoring
Monitoring all of the networking infrastructure within Prisma Access and providing status information.
Monitoring all on-premise networking devices connected to Prisma Access.
Remote Network Onboarding
Deploying the Prisma Access networking infrastructure to support the remote network.
Onboarding each remote network that you want Prisma Access to secure.
Corporate Access
Deploying the network infrastructure within Prisma Access to enable branch and mobile user access to your corporate network.
Onboarding the service connection to your corporate and data center locations and managing the IPSec-capable device at each location.
IP Address Pools
Deploying the Prisma Access infrastructure within the provided IP address space.
Providing IP address pools for the service infrastructure, the branch locations, and/or your mobile users.
Panorama Updates
(Panorama managed only)
Cloud Services Plugin Updates
(Panorama managed only)
Informing you when a new version of the plugin is available.

Recommended For You