Configure an on-premises or VM-Series Firewall as a Master Device
Table of Contents
Configure an on-premises or VM-Series Firewall as a Master Device
Use the following procedure to configure an
on-premises or VM-series firewall as a Master Device.
You
can only use one Master Device per device group; if you need to
configure a Master Device for different device groups, you need
to create a separate Master Device for each device group.
- Make sure that the device you want to use as a
Master Device is managed by the same Panorama that manages Prisma
Access. You can check your managed devices under .
- Add the master device to your Prisma Access mobile user
or remote network deployment.
- For a Mobile Users—GlobalProtect deployment, select , click the gear icon in the Settings, and select the on-premise firewall you want to specify as a Master Device.If you use the default Device Group Name (Mobile_User_Device_Group in this case) and Parent Device Group (Shared in this case), any devices that are not associated with another device group display in the drop-down choices. If you have associated the master device with another device group, select the Parent Device Group associated with that device group have it display in the drop-down.
![]()
- For a Mobile Users—Explicit Proxy deployment, select , click the gear icon in the Settings, and select the Master Device you created.
![]()
- For remote network deployments, the device group with a remote network connection, select , click the gear icon in the Settings, and select the Master Device you created.
![]()
Prisma Access automatically populates username-to-user group mapping for the device group that is associated with the master device only. For this example, the auto-population would occur only in the Remote_Network_Device_Group device group and would not populate to any other device groups. - Click OK.
