License and Activate Prisma Access
After you purchase a Prisma Access license, you can license and activate your Prisma Access instance from the hub.
Prisma Access provides a flexible licensing scheme so that you can purchase just what you need to secure your remote networks and mobile users. The instructions here are for activating Cloud Managed Prisma Access, which you’ll do using the hub. If you are planning to use Panorama to manage Prisma Access, follow the instructions for licensing Panorama Managed Prisma Access from the customer support portal instead.
Prisma Access Licenses
Prisma Access requires a Cortex Data Lake license, and one or more Prisma Access feature licenses (Remote Networks, Mobile Users, or Service Connections).
- Cortex Data Lake—Prisma Access logs are stored in Cortex Data Lake, and so Prisma Access requires you to also have a Cortex Data Lake license. It’s a good idea to activate Cortex Data Lake before you begin activating Prisma Access. If you try to activate Prisma Access without first activating Cortex Data Lake, Prisma Access will guide you to activate Cortex Data Lake before allowing you to continue Prisma Access activation. Your Cortex Data Lake instance and Prisma Access instance must be deployed in the same region. Because Cloud Managed Prisma Access is currently supported only in the Americas region, you must also deploy Cortex Data Lake in the Americas.
- Prisma Access for networks—To license Prisma Access for networks, you purchase a bandwidth pool, which you can divide among each network location that you onboard in increments of 2 Mbps, 5 Mbps, 10 Mbps, 20 Mbps, 25 Mbps, 50 Mbps, 100 Mbps, 150 Mbps, 300 Mbps, 500 Mbps, or 1000 Mbps. A remote network’s bandwidth speed is enforced equally in both directions. To enable traffic peaks, the service allows you to go 10% over the allocated bandwidth for each site; traffic above this peak limit is dropped.
- Prisma Access for users—You license Prisma Access for users based on the number of users, with tiers from 200 users to more than 100,000 users. Prisma Access for users requires the GlobalProtect app on each supported endpoint. You can also enable support for unmanaged devices through Clientless VPN. Though there is no strict policing of the mobile user count, the service does track the number of unique users over the last 90 days to ensure that you have purchased the proper license tier for your user base, and stricter policing of user count may be enforced if continued overages occur.
- Service Connections—This Prisma Access license includes the option to establish service connections that enable connectivity to resources in your headquarters and/or data center locations. The number of service connections you can add depends on your license:
- If you purchase a Prisma Access for networks license, or if you purchase licenses for both Prisma Access for networks and Prisma Access for users, you can add up to 100 service connections to enable access to services and applications at your corporate network locations. You can add up to three service connections with no license cost; each connection after the third uses 300 Mbps from your licensed remote network bandwidth pool. Prisma Access does not limit the bandwidth over these connections.
- If you purchase a Prisma Access for users license only, you can establish service connections to up to three of your headquarters or data center sites.
After you purchase the licenses you need for Prisma Access, you’ll receive an email from Palo Alto Networks order fulfillment with the auth code(s) that you’ll use to activate your licenses.
Other products you can use with Prisma Access include:
- Directory Sync—Directory Sync Service gives Prisma Access read-only access to your Active Directory information, so that you can easily set up and manage security and decryption policies for users and groups. Directory Sync is free and does not require a license to get started.
- Prisma SaaS—Integrate Prisma SaaS with Prisma Access for Clientless VPN and authentication support.
Cloud services that you want to integrate with Prisma Access must be deployed in the same region as Prisma Access. Because Prisma Access is currently supported only in the Americas region, you’ll need to use Directory Sync and Prisma SaaS instances that are also deployed in Americas. You can integrate Directory Sync and Prisma SaaS with Prisma Access when you first activate Cloud Managed Prisma Access, or anytime afterward.
Activate Prisma Access
To get started with Cloud Managed Prisma Access, you’ll first need to activate the Prisma Access app on the hub. You do not need an auth code to activate the Prisma Access app. However, have the auth codes for the licenses you’ve purchased at hand: the Mobile Users license, the Remote Networks license, and/or the Service Connections license. After you activate the Prisma Access app, you’ll use these auth codes to activate your feature licenses.
If you have not yet activated Cortex Data Lake, you’ll also need your Cortex Data Lake auth code. Cortex Data Lake is required for Prisma Access, and you can activate it as part of this workflow.
Before you activate Prisma Access:
- Confirm that you have a Customer Support Portal account. If you do not already have a CSP account, go to the to Create my account. When prompted, enter Your Email Address to associate with the CSP account and Submit to create your account.
- If you don’t already have an instance of Cortex Data Lake, you must purchase a license before you begin. Because Prisma Access logs to the Cortex Data Lake, you must have a valid license. During the Prisma Access activation, you can associate the Prisma Access instance with an existing Cortex Data Lake instance, or activate a new instance using an auth code.
- Activate the Prisma Access app. Before you can activate Prisma Access for users or Prisma Access for networks, you must activate an instance of the Prisma Access app on the hub.
- From the hub home page, Activate Prisma Access in the Explore Apps from Palo Alto Networks area.
- Enter an Instance Name to identify the Prisma Access app instance.
- (Optional) Enter a brief Description of the Prisma Access app instance.
- Select the Cortex Data Lake instance that you want to associate with your Prisma Access app instance or select Activate new Cortex Data Lake. If you are activating a new Cortex Data Lake instance, enter the auth code when prompted and then enter a Name for the instance, select the Region in which to deploy Cortex Data Lake, and then Agree and Activate. When the Cortex Data Lake activation completes successfully, click Continue Activating Prisma Access.
- Select the Region where you want to host the Prisma Access app instance. Americas is currently the only region supported for the Prisma Access app instance.
- You must integrate Prisma Access with Directory Sync and Prisma SaaS instances that are deployed in the same region as Prisma Access. Right now, Prisma Access is supported only in the Americas region, so choose Directory Sync and Prisma SaaS instances in the Americas. If you’re not ready to integrate Directory Sync or Prisma SaaS with Prisma Access just yet, you can skip this step for now and do this after you’ve activated Prisma Access instead.
- To activate the Prisma Access cloud management app, Agree and Activate.
- When the app instance successfully activates, go to Manage Apps. It takes up to fifteen minutes to deploy the Prisma Access cloud management instance. You must wait until the Prisma Access instance is up and running before you continue to activate your Prisma Access for networks and/or Prisma Access for users licenses. Verify the Status of your Prisma Access app instance. While the cloud management instance is provisioning, the Status shows an hourglass icon. After provisioning finishes, the Status changes to a green check mark.
- Activate your Prisma Access for users or Prisma Access for networks license. After the Prisma Access app instance finishes provisioning, you can activate your Prisma Access licenses.
- Click on the hub icon to go back to the hub and then click Activate App.
- Enter the product auth code you received by email from Palo Alto Networks order fulfillment and then click OK.
- Configure the following settings for your Prisma Access for users or Prisma Access for networks license:
- (Optional) Enter a brief Description of the Prisma Access license.
- Select the Region where you are hosting your Prisma Access app instance. Americas is the only supported region currently.
- Select the Prisma Access app instance that you want to associate with this license.
- Agree and Activate to complete activation. A green banner displays when activation completes successfully. You can either add a second license, or click Manage Apps to verify your licenses.
- (Optional) Add a second license to your Prisma Access app instance. If you purchased both Prisma Access for networks and Prisma Access for users, repeat step 3 to activate the second license. When you finish activating the second license, click Manage Apps to verify your licenses.
- Verify your licenses.
- From the manage apps page, verify that you see your licenses associated with your Prisma Access app instance:
- Go back to the hub home page. Prisma Access now shows up on the hub as one of your apps. Click on the Prisma Access icon on the hub to launch the app.
- Verify that the Remote Networks and/or Mobile Users tiles on the Dashboard show the correct amount of bandwidth and/or number of users that you licensed.
- Follow the next steps for getting started with Prisma Access: