Prisma Access

Prisma Access makes it easy for you to enable consistent, secure access to the internet, as well as to your sanctioned SaaS applications, public cloud environments, and data centers and headquarters for all users at all locations all the time.
To keep your applications and data safe, you must secure all users at all locations all the time. But how do you do this when your footprint is expanding globally, more and more of your users are mobile, and your applications and data are moving out of your network and into the cloud? Prisma Access enables this consistent security by safely enabling your users to access cloud and data center applications as well as the internet whether they are at your headquarters, branch offices, or on the road. Prisma Access consistently inspects all traffic across all ports, enabling secure access to the internet, as well as to your sanctioned SaaS applications, public cloud environments, and data centers and headquarters. Because Prisma Access leverages the next-generation firewall capability, threat prevention, malware prevention, URL filtering, SSL decryption, and application-based policy capabilities are built in to provide you with the same level of security no matter where your users are or what resources they are accessing. All Prisma Access logs are stored in the Cortex Data Lake, providing centralized analysis, reporting, and forensics across all users, applications, and locations.
Prisma Access delivers protection at scale with global coverage so you don’t have to worry about things like sizing and deploying hardware firewalls at your branches or building out and managing appliances in colocation facilities. Prisma Access provides the network infrastructure to connect all of your remote branches, your headquarters sites, data centers, and mobile users without requiring you to build out your own global security infrastructure and expand your operational capacity.
With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally based on what you have licensed:
  • Prisma Access for networks: Secures traffic to and from your branch offices to the internet, other branches, and to your headquarters and data centers over an IPSec tunnel. You can use any router, SD-WAN edge device, or firewall that supports IPSec to connect your remote networks to Prisma Access. Prisma Access then implements a full-mesh VPN within the security overlay, eliminating the complexity and operational overhead normally associated with branch-to-branch networking. You license Prisma Access for networks based on the total bandwidth you need across all sites. You can then allocate the specific amounts of bandwidth you need at each site.
  • Prisma Access for users: Provides consistent security for your mobile users whether they are accessing applications at your data center, using SaaS applications, or browsing the internet. You can deploy the GlobalProtect app to your users (available for smartphones, tablets, or laptops running Microsoft Windows, Apple macOS and iOS, Android, Google Chrome OS, and Linux) so that they can tunnel the traffic to Prisma Access for policy enforcement and threat prevention. The GlobalProtect app also provides host information profile (HIP) reporting so that you can create granular policies based on device state to ensure that endpoints adhere to your security standards—for example, they are equipped with the most up-to-date patches, encryption, and virus definitions—in order to access your most sensitive applications. Or, to enable secure access to users on unmanaged devices, you can enable Clientless VPN. Prisma Access dynamically scales in and out per region based on where your users are at the moment. You license Prisma Access for Users based on the number of users.
Palo Alto Networks manages the underlying security infrastructure, ensuring it is secure, resilient, up-to-date and available to you when you need it. Your organization’s responsibility is to onboard branches and mobile users, create policies, query logs, and generate reports.
