Changes to Default Behavior
The following chapter details the changes in default behavior after you upgrade to the Cloud Services plugin version 1.6. For the system requirements you need before you upgrade, see Prisma Access Panorama Requirements and Upgrade Schedule.
ECMP load balancing for remote networks
If you enable ECMP load balancing to use up to four IPSec tunnels with a single remote network, Prisma Access uses the same link for return traffic as it uses to send the traffic (
Enabled with Symmetric Return). After you upgrade the plugin to 1.6, if your deployment has the setting of
Enabled, you will be prompted to change it to
Enabled with Symmetric Return. If you do not change this setting, you will receive an error when you perform a local commit until you change it. If you already have
Enabled with Symmetric Returnspecified for ECMP, or if you have not enabled ECMP, no action is required.
Hot potato routing AS-PATH prepending changes
When you enable Hot Potato Routing for service connections, the following AS-PATH prepending changes are made. The changes for secondary BGP peers are new for 1.6, and some additional changes are made for primary connections:
Addition of __cloud_services Panorama Administrative User
After you install the Cloud Services plugin 1.6, the plugin creates a Panorama administrative user with a username of
__cloud_services. This user account is required to enable communication between Enterprise DLP on Prisma Access and the Prisma Access management infrastructure. Palo Alto Networks recommends that you change the password for this administrative user in accordance with your organization’s password policy.
Recommended For You
Recommended videos not found.