Prisma Access
Onboard Mobile Users and Branch Offices in Mainland China
Table of Contents
Onboard Mobile Users and Branch Offices in Mainland China
Use Prisma Access to secure mobile users and branch offices
in mainland China.
Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Global expansion, mobile workforces, and cloud computing can shift the locations of your
enterprise’s applications, data, and users. These changes introduce new opportunities
globally, but they also introduce new vectors for cybersecurity risk. Prisma Access
provides a solution to manage mobile users and branch offices anywhere in the world,
including navigating access and security complexities in mainland China.
While Prisma Access is not available as a service in China, you can now
extend its capabilities into mainland China, while still allowing a secure local
internet breakout to mobile users and offices located in China. Palo Alto Networks
provides this solution with a hybrid architecture that seamlessly integrates Prisma
Access with a Next-Generation Firewall platform located in mainland China. You can use a
firewall that is physically located in mainland China or a VM-series firewall that is
deployed in a public cloud region in mainland China.
Users in mainland China connect to Prisma Access over a hybrid connection established
between the firewall in mainland China and a location outside of the mainland. The
following figure shows the process.
After users in mainland China connect to your organization’s next-generation firewall
infrastructure, they get secure access to the internet and local SaaS providers in
mainland China. To gain access to applications outside of China, the firewall connects
to a Prisma Access location outside China using the hybrid connectivity of your choice,
as shown in the following figure. To view more details about the configuration you
perform, see the workflows you use to onboard mobile users and branch offices.
These solutions gives your organization the following benefits:
- Delivers secure local internet breakout to mobile users and offices located in China.
- Provides secure access to internal applications as well as SaaS and cloud applications, both inside and outside China.
- Leverages an existing Next-Generation Firewall infrastructure to connect to Prisma Access.
The solution requires the following components:
- An active Prisma Access subscription.
- One or more next-generation firewalls in mainland China (either on-premise or VM-series).If your deployment in China has existing on-premise firewalls, you can leverage those for your deployment.
- Connectivity to a location outside China over an approved channel (hybrid connectivity).You can use one of the following connections for the hybrid connectivity between mainland China and the location outside mainland China:
- An MPLS circuit
- A private line
- Alibaba Cloud Express Connect (CEN)
The examples in this chapter use CEN as the hybrid connectivity.