Prisma Access
Mobile Users: Explicit Proxy
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Mobile Users: Explicit Proxy
Set up your Mobile Users (Explicit Proxy) environment.
Where Can I Use
This? | What Do I Need? |
---|---|
|
|
Prisma Access
by Palo Alto Networks, is a security service edge (SSE) solution
that delivers best-in-class cloud SWG functionality, including advanced URL filtering,
SSL decryption, SaaS application control, and advanced threat prevention. Prisma Access
operationalizes next-generation security deployments with a pervasive and always-on
cloud-native infrastructure entirely managed by Palo Alto Networks. Mobile users and
remote sites can securely access the internet and SaaS applications according to
corporate policies. Prisma Access
offers flexible connectivity options: PAC Files,
Agent, Agentless, and Site-to-Site IPSEC to ensure any legacy or alternative cloud proxy
architectures can move to Prisma Access
with minimal networking changes.Explicit Proxy
Prisma Access
provides a complete cloud Secure Web Gateway (SWG) capability, including an
Explicit Proxy connection method based in the cloud. If your organization’s existing
network already uses explicit proxies and deploys PAC files on your client endpoints,
you can smoothly migrate from legacy proxy-based SWG solutions to Prisma Access
to
secure mobile users’ outbound internet traffic. You can also use an Explicit Proxy if
you need to use a proxy for compliance purposes. Explicit proxy uses the Mobile User
license. Prisma Access
Explicit Proxy FeaturesFeature | Description |
---|---|
App-ID | Continuously classifies all applications regardless of port,
TLS/SSL encryption, or technique used by an attacker to evade detection.
Unlike legacy solutions that depend on Layers 3 and 4 as the first layers of
control before application classification is applied, Prisma Access applies
App-ID along with other Layer 7 controls, such as User-ID. |
User-ID | Integrates with a wide range of user identity repositories so
that your policies follow your users and groups regardless of their
location. |
SSL Decryption | Inspects and applies policy to TLS/SSL-encrypted traffic. For
privacy and regulatory compliance, you can enable or disable decryption
flexibly based on URL, source, destination, user, user group, and
port. |
AI/ML-Based Detection | Delivers inline, signatureless attack detection and zero-day
exploit prevention. Prisma Access adapts and provides instantaneous
real-time protection vs. scheduled updates. It prevents up to 95% of unknown
threats instantly, with less than 10-second signature delivery, resulting in
a 99.5% reduction in infected systems. |
DNS Security | Applies real-time protections and inline machine learning to
disrupt C2 callback and other attacks that use DNS. Natively integrated into
Prisma Access , Advanced DNS Security provides automated protections,
preventing attackers from bypassing security measures, and eliminates the
need for independent tools or changes to DNS routing. |
Advanced URL Filtering | Superior protection against web-based threats, such as
phishing, malware, and C2, that combines powerful database protections with
an ML-powered web security engine that categorizes and blocks new malicious
URLs in real time. Industry-leading phishing protection tackles the most
common causes of breaches, letting you take back control of your web traffic
through fine-grained controls and policy settings that automate security
actions based on users, risk ratings, and content categories. |
Advanced Threat Prevention | Stop zero-day threats, known exploits, malware, spyware, and
malicious command and control (C2) with industry-leading threat prevention.
Prevent 60% more unknown injection attacks and 48% more highly evasive C2
traffic than traditional intrusion prevention systems. |
Advanced WildFire | Ensure files are safe by automatically preventing known,
unknown, and highly evasive malware 60X faster with the industry’s largest
threat intelligence and malware prevention engine. |
NG-CASB* | Gain proactive SaaS visibility, protection against
misconfigurations, and real-time data protection for best-in-class SaaS
security. |
Data Loss Prevention (DLP)* | Includes a set of tools and processes that allow you to protect
sensitive information against unauthorized access, misuse, extraction, or
sharing. DLP on Prisma Access enables you to enforce data security policies
and prevent the loss of sensitive data across mobile users and remote
networks. |
Remote Browser Isolation Support | Through CloudBlades, integrates with third-party RBI clouds by
leveraging existing NGFW URL categorization and URL rewrite features to
forward select/all internet-bound traffic to the RBI cloud. This capability
provides a seamless user experience while forwarding certain traffic
(unknown or high-risk categories) to RBI for additional inspection while the
remaining traffic can be inspected by Prisma Access and egress directly to
the internet. |
Reporting | Includes, as a standard, a detailed, customizable SaaS
application usage report that provides insight into all SaaS
traffic—sanctioned and unsanctioned—on your network. You can also create
custom reports based on your needs and easily schedule, download, and share
them with others in your organization. |
User Authentication | Supports all existing PAN-OS authentication methods, including
Kerberos, RADIUS, SAML, LDAP, client certificates, and a local user
database. With PAC only, supports Kerberos and SAML. |
Site-to-Site IPsec VPN | Supports site-to-site tunnels over IPv4 and IKEv1/IKEv2 to
ensure compatibility. For multiple connection sites, ECMP routing can
provide additional redundancy and cost efficiency by balancing sessions over
available internet connections. |
Logging | Shows overall traffic, application, user, threat, URL, and data
filter logging to facilitate organization of data via the cloud-based Cortex Data Lake . |
* Requires an add-on license.
For a detailed description of product features and capabilities, please refer
to the .
Prisma Access
datasheet