Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
MENU
Home
Prisma
Prisma Access
Prisma Access Administrator’s Guide (Panorama Managed)
Configure User-ID and User-Based Policies with Prisma Access
Redistribute User-ID Information Between Prisma Access and On-Premises Firewalls
Redistribute User-ID Information From an On-Premises Firewall to Prisma Access
Document:
Prisma Access Administrator’s Guide (Panorama Managed)
Redistribute User-ID Information From an On-Premises Firewall to Prisma Access
Download PDF
Last Updated:
Sun Apr 23 15:12:36 UTC 2023
Current Version:
3.2 Preferred and Innovation
Version 3.2 Preferred and Innovation
Version 3.1 Preferred and Innovation
Version 3.0 Preferred and Innovation
Table of Contents
Filter
Prisma Access Overview
Prisma Access
Prisma Access Infrastructure Management
Releases and Upgrades
Prisma Access Release Types
Prisma Access Upgrade Types
Cadence for Software and Content Updates for Prisma Access
Prisma Access Dataplane Upgrades
Dataplane Upgrade Overview
Dataplane Upgrade Example
Use the Prisma Access App to Get Upgrade Alerts and Updates
View Prisma Access Software Versions
Prisma Access Licensing
Determine Your Prisma Access License Type from Panorama
Cheat Sheet: Integrate ADEM with Panorama Managed Prisma Access
Cheat Sheet: Integrate IoT Security with Panorama Managed Prisma Access
Cheat Sheet: Enterprise DLP on Panorama Managed Prisma Access
Visibility and Monitoring Features in the Prisma Access App
Monitor Your Prisma Access Data Transfer Usage
Plan for Prisma Access IP Address Changes
IP Address Allocation For Mobile Users on Prisma Access
Public IP Address Scaling Examples for Mobile Users
Loopback IP Address Allocation for Mobile Users
Remote Network IPSec Termination Nodes and Service IP Addresses on Prisma Access
IP Address Changes For Remote Network Connections That Allocate Bandwidth by Location
Service IP and Egress IP Address Allocation for Remote Networks
Retrieve the IP Addresses for Prisma Access
Prisma Access IP Address Retrieval Using the API Examples
Pre-Allocate IP Addresses for Prisma Access Mobile User Locations
Set Up Prisma Access IP Address Change Notifications
Use Legacy Scripts to Retrieve Loopback Addresses
Use the Legacy Script to Retrieve Mobile User IP Addresses
Use the Legacy Script to Retrieve Public, Loopback, and Egress IP Addresses
Zone Mapping
Prisma Access APIs
Prisma Access Deployment Progress and Status
Troubleshoot the Prisma Access Deployment
Activate and Install the Prisma Access Components
Activate and Install Panorama Managed Prisma Access
Verify Your Account Using the One-Time Password
Transfer or Update Panorama Managed Prisma Access Licenses
Reset Your Panorama Managed Prisma Access License
Transfer or Update Prisma Access Licenses Between Panorama Appliances
Configure Panorama Appliances in High Availability for Panorama Managed Prisma Access
Prepare the Prisma Access Infrastructure and Service Connections
Set Up Panorama Managed Prisma Access
Prisma Access Service Infrastructure
Service Infrastructure Requirements
Configure the Service Infrastructure
Prisma Access Service Connections
Plan the Service Connections
Create a Service Connection to Allow Access to Private Apps
Verify Service Connection Status
Create a Service Connection to Enable Access between Mobile Users and Remote Networks
Prisma Access Colo-Connect (Preview)
Prisma Access Locations
Prisma Access Locations by Compute Location
Prisma Access Locations by Region
Map of North America Prisma Access Locations
Explicit Proxy Locations
Secure Mobile Users
Prisma Access Mobile User Deployments
GlobalProtect on Prisma Access
Planning Checklist—GlobalProtect on Prisma Access
IP Address Pools in a Mobile Users—GlobalProtect Deployment
Set Up GlobalProtect on Panorama Managed Prisma Access
Enable Mobile User Regional Redundancy
How the GlobalProtect App Selects a Prisma Access Location for Mobile Users
Explicit Proxy on Prisma Access
How Explicit Proxy Works in Prisma Access
How Explicit Proxy Identifies Users
Planning Checklist—Explicit Proxy
Set Up Your Explicit Proxy PAC File
Secure Mobile Users with an Explicit Proxy
Create Block Settings in an Explicit Proxy Deployment
Use Special Objects to Restrict Explicit Proxy Internet Traffic to Source IP Addresses
Monitor and Troubleshoot Explicit Proxy
Monitor and Log Out GlobalProtect Users in Prisma Access
View GlobalProtect Mobile Users from the Status Tab
View GlobalProtect Mobile Users from the Monitor Tab
How Prisma Access Counts GlobalProtect Mobile Users
Manage GlobalProtect App Upgrades in Prisma Access
Select the Active GlobalProtect App Version for Prisma Access
Manage User Access to GlobalProtect App Updates from Prisma Access
Perform Staged Updates of the GlobalProtect App on Prisma Access
Deploy Explicit Proxy and GlobalProtect or a Third-Party VPN in Prisma Access
Use Explicit Proxy with GlobalProtect and Third-Party VPNs Examples
How Explicit Proxy Works With GlobalProtect
Requirements and Recommendations for Using Explicit Proxy with GlobalProtect and Third-Party VPNs
Use Explicit Proxy with GlobalProtect
Use Explicit Proxy with Third-Party VPNs
Integrate Prisma Access with On-Premises Gateways
Manage Priorities for Prisma Access and On-Premises Gateways
Set Equal Gateway Priorities for On-Premises and Prisma Access Gateways
Set a Higher Gateway Priority for an On-Premises Gateway
Set Higher Priorities for Multiple On-Premises Gateways
Configure Priorities for Prisma Access and On-Premises Gateways
Allow Mobile Users to Manually Select Specific Prisma Access Gateways
Allow Listing for Mobile Users—GlobalProtect Deployments
Manage Allow Listing for Existing Mobile User Deployments
Manage Allow Listing for New Prisma Access Deployments
Allow Listing Examples for Autoscale Events
Fields in the Egress IP Allow List table
Report Prisma Access Website Access Issues
Use Remote Networks to Secure Branches
Prisma Access Remote Network Deployments
Planning Checklist—Prisma Access Remote Networks
Onboard and Configure Remote Networks
Configure Prisma Access for Networks—Allocating Bandwidth by Compute Location
Configure Prisma Access for Networks—Allocating Bandwidth by Location
Verify Remote Network Connection Status
Verify Remote Connection BGP Status
Plan to Migrate to an Aggregate Bandwidth Remote Network Deployment
Migrate to the Aggregate Bandwidth Model
Remote Network Locations with Overlapping Subnets
Configure Remote Network and Service Connection Connected with a WAN Link
Use Predefined IPSec Templates to Onboard Service and Remote Network Connections
Onboard a Service Connection or Remote Network Connection Using Predefined Templates
Onboard Multiple Remote Network Connections of the Same Type
Supported IKE and IPSec Cryptographic Profiles for Common SD-WAN Devices
Onboard Remote Networks with Configuration Import
Fields in Remote Networks Table
How to Calculate Remote Network Bandwidth
Configure User-ID and User-Based Policies with Prisma Access
Configure User-ID in Panorama Managed Prisma Access
Configure User-ID for Remote Network Deployments
Get User and Group Information Using the Cloud Identity Engine
Populate User and Group Names in Security Policy Rules
Populate User Group Names in Security Policy Rules Using the Cloud Identity Engine
Populate User Group Names in Security Policy Rules Using a Master Device
Configure an on-premises or VM-Series Firewall as a Master Device
Use Long-Form DN Entries to Implement User- and Group-Based Policy
Redistribute User-ID Information Between Prisma Access and On-Premises Firewalls
Redistribute User-ID Information From Prisma Access to an On-Premise Firewall
Redistribute User-ID Information From an On-Premises Firewall to Prisma Access
Quality of Service in Prisma Access
QoS Examples
Configure QoS in Prisma Access
QoS for Remote Networks
QoS for Remote Networks Using Guaranteed Bandwidth and Bandwidth Allocation Ratios
Change the Guaranteed Bandwidth For Remote Networks
Select QoS Profiles for Remote Networks
Configure Quality of Service in Prisma Access
Configure Quality of Service for Clean Pipe
Manage Multiple Tenants in Prisma Access
Multitenancy Overview
Multitenancy Configuration Overview
Plan Your Multitenant Deployment
Create an All-New Multitenant Deployment
Enable Multitenancy and Migrate the First Tenant
Add Tenants to Prisma Access
Delete a Tenant
Create a Tenant-Level Administrative User
Control Role-Based Access for Tenant-Level Administrative Users
Remove Plugin Access for a Tenant-Level Administrative User
Sort Logs by Device Group ID in a Multitenant Deployment
Prisma Access Advanced Deployments
Advanced Deployments that Apply to All Prisma Access Types
Add a New Compute Location for a Deployed Prisma Access Location
IPv6 Support for Private App Access
Private App Access Over IPv6 Examples
Enable and Configure IPv6 Networking and IP Pools in Your Prisma Access Infrastructure
Enable IPv6 Networking for a Mobile Users—GlobalProtect Deployment
Enable IPv6 Networking for Service Connections
Enable IPv6 Networking for Remote Networks
DNS Resolution for Mobile Users—GlobalProtect and Remote Network Deployments
DNS Resolution for Mobile Users—GlobalProtect Deployments
DNS Resolution for Remote Networks
How BGP Advertises Mobile User IP Address Pools for Service Connections and Remote Network Connections
Proxy Support for Prisma Access and Cortex Data Lake
Prisma Access Service Connection Advanced Deployments
Service Connection Multi-Cloud Redundancy
Configure and Activate Service Connection Cloud Provider Redundancy for Panorama Managed Prisma Access
Supported In-Country Active and Backup Cloud Provider Redundancy Locations
Use Traffic Steering to Forward Internet-Bound Traffic to Service Connections
Default Routes With Prisma Access Traffic Steering
Traffic Steering in Prisma Access
Traffic Steering Requirements
Default Routes with Traffic Steering Example
Default Routes with Traffic Steering Direct to Internet Example
Default Routes with Traffic Steering and Dedicated Service Connection Example
Prisma Access Traffic Steering Rule Guidelines
Configure Zone Mapping and Security Policies for Traffic Steering Dedicated Connections
Configure Traffic Steering in Prisma Access
Routing for Service Connection Traffic
Mobile User and Remote Network Routing to Service Connections
Prisma Access Default Routing
Prisma Access Hot Potato Routing
Configure Routing Preferences
Create a High-Bandwidth Network Using Multiple Service Connections
Create a High-Bandwidth Connection to a Headquarters or Data Center Location
Configure More than Two Service Connections to a Headquarters or Data Center Location
Prisma Access Mobile Users—GlobalProtect Advanced Deployments
Configure Multiple Portals in Prisma Access
Dynamic DNS Registration Support for Mobile Users—GlobalProtect
Enable DDNS for Mobile Users—GlobalProtect
Verify Dynamic DNS Configuration
Identification and Quarantine of Compromised Devices in a Prisma Access GlobalProtect Deployment
Use Cases for Quarantine List Redistribution
Configure Quarantine List Redistribution in Prisma Access
