Mobile Users: Explicit Proxy
Focus
Focus
Prisma Access

Mobile Users: Explicit Proxy

Table of Contents

Mobile Users: Explicit Proxy

Set up your Mobile Users (Explicit Proxy) environment.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
  • Prisma Access
    license
Prisma Access
by Palo Alto Networks, is a security service edge (SSE) solution that delivers best-in-class cloud SWG functionality, including advanced URL filtering, SSL decryption, SaaS application control, and advanced threat prevention.
Prisma Access
operationalizes next-generation security deployments with a pervasive and always-on cloud-native infrastructure entirely managed by Palo Alto Networks. Mobile users and remote sites can securely access the internet and SaaS applications according to corporate policies.
Prisma Access
offers flexible connectivity options: PAC Files, Agent, Agentless, and Site-to-Site IPSEC to ensure any legacy or alternative cloud proxy architectures can move to
Prisma Access
with minimal networking changes.
Explicit Proxy
Prisma Access
provides a complete cloud Secure Web Gateway (SWG) capability, including an Explicit Proxy connection method based in the cloud. If your organization’s existing network already uses explicit proxies and deploys PAC files on your client endpoints, you can smoothly migrate from legacy proxy-based SWG solutions to
Prisma Access
to secure mobile users’ outbound internet traffic. You can also use an Explicit Proxy if you need to use a proxy for compliance purposes. Explicit proxy uses the Mobile User license.
Prisma Access
Explicit Proxy Features
Feature
Description
App-ID
Continuously classifies all applications regardless of port, TLS/SSL encryption, or technique used by an attacker to evade detection. Unlike legacy solutions that depend on Layers 3 and 4 as the first layers of control before application classification is applied,
Prisma Access
applies App-ID along with other Layer 7 controls, such as User-ID.
User-ID
Integrates with a wide range of user identity repositories so that your policies follow your users and groups regardless of their location.
SSL Decryption
Inspects and applies policy to TLS/SSL-encrypted traffic. For privacy and regulatory compliance, you can enable or disable decryption flexibly based on URL, source, destination, user, user group, and port.
AI/ML-Based Detection
Delivers inline, signatureless attack detection and zero-day exploit prevention.
Prisma Access
adapts and provides instantaneous real-time protection vs. scheduled updates. It prevents up to 95% of unknown threats instantly, with less than 10-second signature delivery, resulting in a 99.5% reduction in infected systems.
DNS Security
Applies real-time protections and inline machine learning to disrupt C2 callback and other attacks that use DNS. Natively integrated into
Prisma Access
, Advanced DNS Security provides automated protections, preventing attackers from bypassing security measures, and eliminates the need for independent tools or changes to DNS routing.
Advanced URL Filtering
Superior protection against web-based threats, such as phishing, malware, and C2, that combines powerful database protections with an ML-powered web security engine that categorizes and blocks new malicious URLs in real time. Industry-leading phishing protection tackles the most common causes of breaches, letting you take back control of your web traffic through fine-grained controls and policy settings that automate security actions based on users, risk ratings, and content categories.
Advanced Threat Prevention
Stop zero-day threats, known exploits, malware, spyware, and malicious command and control (C2) with industry-leading threat prevention. Prevent 60% more unknown injection attacks and 48% more highly evasive C2 traffic than traditional intrusion prevention systems.
Advanced WildFire
Ensure files are safe by automatically preventing known, unknown, and highly evasive malware 60X faster with the industry’s largest threat intelligence and malware prevention engine.
NG-CASB*
Gain proactive SaaS visibility, protection against misconfigurations, and real-time data protection for best-in-class SaaS security.
Data Loss Prevention (DLP)*
Includes a set of tools and processes that allow you to protect sensitive information against unauthorized access, misuse, extraction, or sharing. DLP on
Prisma Access
enables you to enforce data security policies and prevent the loss of sensitive data across mobile users and remote networks.
Remote Browser Isolation Support
Through CloudBlades, integrates with third-party RBI clouds by leveraging existing NGFW URL categorization and URL rewrite features to forward select/all internet-bound traffic to the RBI cloud. This capability provides a seamless user experience while forwarding certain traffic (unknown or high-risk categories) to RBI for additional inspection while the remaining traffic can be inspected by
Prisma Access
and egress directly to the internet.
Reporting
Includes, as a standard, a detailed, customizable SaaS application usage report that provides insight into all SaaS traffic—sanctioned and unsanctioned—on your network. You can also create custom reports based on your needs and easily schedule, download, and share them with others in your organization.
User Authentication
Supports all existing PAN-OS authentication methods, including Kerberos, RADIUS, SAML, LDAP, client certificates, and a local user database. With PAC only, supports Kerberos and SAML.
Site-to-Site IPsec VPN
Supports site-to-site tunnels over IPv4 and IKEv1/IKEv2 to ensure compatibility. For multiple connection sites, ECMP routing can provide additional redundancy and cost efficiency by balancing sessions over available internet connections.
Logging
Shows overall traffic, application, user, threat, URL, and data filter logging to facilitate organization of data via the cloud-based
Cortex Data Lake
.
* Requires an add-on license.
For a detailed description of product features and capabilities, please refer to the
Prisma Access
datasheet
.

Recommended For You