Onboard Mobile Users (Cloud Management)

Set up a mobile users location in just a few steps (Prisma Access Cloud Management).
Here’s an overview of how to set up a mobile users location — and start onboarding mobile users to Prisma Access — in just a few steps.
  1. Choose a connection type, or use both GlobalProtect or Explicit Proxy
    First decide how the mobile users in the location you’re setting up should connect to Prisma Access. You can divide your mobile user license between GlobalProtect and Explicit Proxy connections; some users can connect through GlobalProtect and others through Explicit Proxy.
    • GlobalProtect Connection
      The GlobalProtect app installed on mobile user devices sends traffic to Prisma Access.
    • Explicit Proxy Connection
      A proxy auto-config (PAC) file on mobile user devices redirects browser traffic to Prisma Access.
      Here’s specific steps you can follow to set up GlobalProtect with an explicit proxy.
      Explicit Proxy is supported with the Prisma Access Innovation 2.0 release. Check with your account team if you’d like to upgrade your environment to Prisma Access 2.0 Innovation.
  2. Set up basic infrastructure settings
    Configure the infrastructure settings that are specific to your connection type (GlobalProtect or Explicit Proxy). For both connection types, there are only a few required settings that you need to fill out initially, in order for Prisma Access to provision your mobile users environment.
  3. Choose the Prisma Access location to which your mobile users will connect
    Add the Prisma Access locations where you want to support mobile users.
    The map displays the global regions where you can deploy Prisma Access for users: North America, South America, Europe, Africa, Middle East, Asia, Japan, and ANZ (Australia and New Zealand). In addition, Prisma Access provides multiple locations within each region to ensure that your users can connect to a location that provides a user experience tailored to the users’ locale. For the best performance,
    Select All
    . Alternatively, select the specific locations within each selected region where your users will need access. By limiting your deployment to a single region, you can have more granular control over your deployed regions and exclude regions required by your policy or industry regulations.
    For the best user experience, if you are limiting the number of locations, choose locations that are closest to your users or in the same country as your users. If a location is not available in the country where your mobile users reside, choose a location that is closest to your users for the best performance.
  4. Authenticate mobile users
    Set up User Authentication so that only legitimate users have access to your services and applications.
    To test your setup, you can add users that Prisma Access authenticates locally, or you can go straight to setting up enterprise-level authentication (here’s more on how to Enable Mobile Users to Authenticate to Prisma Access).
  5. Prisma Access enforces best practice security policy rules by default. These rules allow your users to securely browse to general internet sites. Users are:
    • Blocked from visiting known bad websites based on URL
    • Blocked from uploading or downloading files that are known to be malicious
    • Protected from unknown, never-before-seen threats
    • Protected from viruses, spyware (command and control attacks), and vulnerabilities
    After going through the initial setup, you can review and update these default rules to meet your enterprise needs.
  6. Verify that the mobile users location is active
    After you push your initial configuration to Prisma Access, Prisma Access begins provisioning your mobile user environment. This can take up to 15 minutes. When your mobile user locations are up and running, you’ll be able to verify them on the Mobile Users setup pages, the Overview, and within Insights.
    You can also validate your setup by selecting
    Prisma Access
    Prisma Access Setup
    and edit infrastructure settings to confirm a gateway is set up in each of the locations you provisioned.

Recommended For You