Configure an on-premises or VM-Series Firewall as a Master Device
Table of Contents
Configure an on-premises or VM-Series Firewall as a Master
Device
Use the following procedure to configure an
on-premises or VM-series firewall as a Master Device.
You
can only use one Master Device per device group; if you need to
configure a Master Device for different device groups, you need
to create a separate Master Device for each device group.
- Make sure that the device you want to use as a Master Device is managed by the same Panorama that manages Prisma Access.You can check your managed devices under .
- Add the master device to your Prisma Access mobile user or remote network deployment.
- For a Mobile Users—GlobalProtect deployment, select , click the gear icon in theSettings, and select the on-premise firewall you want to specify as aMaster Device.If you use the defaultDevice Group Name(Mobile_User_Device_Groupin this case) andParent Device Group(Sharedin this case), any devices that are not associated with another device group display in the drop-down choices. If you have associated the master device with another device group, select theParent Device Groupassociated with that device group have it display in the drop-down.
- For a Mobile Users—Explicit Proxy deployment, select , click the gear icon in theSettings, and select theMaster Deviceyou created.
- For remote network deployments, the device group with a remote network connection, select , click the gear icon in theSettings, and select theMaster Deviceyou created.
Prisma Access automatically populates username-to-user group mapping for the device group that is associated with the master device only. For this example, the auto-population would occur only in theRemote_Network_Device_Groupdevice group and would not populate to any other device groups. - ClickOK.