Prisma Access Licensing
Learn what type of licenses you need to use Prisma Access for mobile users, remote networks, and Clean Pipe instances.
The following sections describe the licensing options for Prisma Access, as well as components that are required to use the service.
Prisma Access Licenses
The licenses you need for Prisma Access depend on whether you want to use the service to secure your remote networks, your mobile users, or both:
- Prisma Access for Networks (formerly GlobalProtect Cloud Service for Remote Networks)—To license Prisma Access for networks you purchase a bandwidth pool, which you can divide among each remote network location that you onboard in increments of 2 Mbps, 5 Mbps, 10 Mbps, 20 Mbps, 25 Mbps, 50 Mbps, 100 Mbps, 150 Mbps, 300 Mbps, 500 Mbps, or 1000 Mbps.To enable traffic peaks, the service allows you to go 10% over the allocated bandwidth for each site; traffic overages above this peak limit is dropped. See How to Calculate Remote Network Bandwidth for more details about the correct bandwidth to specify for your remote network.A remote network’s bandwidth speed is enforced equally in both directions. If you assign a remote network with 50Mbps bandwidth, then 55 Mbps (50 Mbps plus 10% overage allocation) is enforced for both ingress and egress traffic. If you have an asymmetric internet connection (which is a common deployment), you should specify the higher of the two values to fully utilize the circuit.
- Prisma Access for Users (formerly GlobalProtect Cloud Service for Mobile Users)—You license Prisma Access for mobile users based on number of users, with tiers from 200 users to more than 50,000 users. Prisma Access for mobile users requires the GlobalProtect app on each supported endpoint. Though there is no strict policing of the mobile user count, the service does track the number of unique users over the last 90 days to ensure that you have purchased the proper license tier for your user base, and stricter policing of user count may be enforced if continued overages occur.
- Prisma Access for Clean Pipe—The Prisma Access for Clean Pipe service allows organizations that manage the IT infrastructure of other organizations, such as service providers, MSSPs, or Telcos, to quickly and easily protect outbound internet traffic for their tenants.
Other Required Licenses
In addition to the Prisma Access licenses, in order to run the service you must also have the following licensed components:
- Panorama—You deploy and manage Prisma Access using the Cloud Services plugin for Panorama. In order to use this plugin, you must have Panorama with a valid support license. See the Palo Alto Networks Compatibility Matrix for the Panorama versions that are supported with the Cloud Services plugin. When you license the Prisma Access components, you must tie the auth code to a licensed Panorama serial number.
- Cortex Data Lake—The Prisma Access infrastructure forwards all logs to Cortex Data Lake. You can view the Prisma Access logs, ACC, and reports directly from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Cortex Data Lake license.
GlobalProtect Cloud Service Licensing
Learn what type of licenses you need to use the GlobalProtect cloud service for mobile users and remote networks. ...
Configure the Clean Pipe Service
Configure the Clean Pipe Service To set up the Clean Pipe service for your tenants, complete the following steps. Enable Multitenancy and Create a Tenant ...
About Prisma Access
Prisma Access As your business expands globally with new remote network locations popping up around the globe and mobile users roaming the world, it can ...
Plan for IP Address Changes for Mobile Users, Remote Networks, and Service Connections
Plan for IP Address Changes for Mobile Users, Remote Networks, and Service Connections After you set up your Prisma Access deployment, it is useful to ...
Multitenancy Configuration Overview
Multitenancy Configuration Overview Use the following workflow to enable and configure the ability to manage multiple tenants in a single Panorama appliance. Enable multitenancy. If ...
Clean Pipe Overview
Clean Pipe Overview To allow organizations that manage the IT infrastructure of other organizations, such as service providers, MSSPs, or Telcos, to quickly and easily ...
Prisma Access Release Information To simplify the process of extending the same best-in-breed security to your remote network locations and your mobile workforce without having ...
How to Calculate Remote Network Bandwidth
How to Calculate Remote Network Bandwidth When you onboard a remote network, it is important to specify the correct remote network connection bandwidth that meets ...