Changes to Default Behavior
Because you do not need to upgrade your Panorama or the Cloud Services plugin from 1.6.0 to take advantage of the 1.6.1 release (Prisma Access upgrades its infrastructure automatically), these changes also apply to Prisma Access 1.6.1.
ECMP load balancing for remote networks
If you enable ECMP load balancing to use up to four IPSec tunnels with a single remote network, Prisma Access uses the same link for return traffic as it uses to send the traffic (
Enabled with Symmetric Return). After you upgrade the plugin to 1.6, if your deployment has the setting of
Enabled, you will be prompted to change it to
Enabled with Symmetric Return. If you do not change this setting, you will receive an error when you perform a local commit until you change it. If you already have
Enabled with Symmetric Returnspecified for ECMP, or if you have not enabled ECMP, no action is required.
Hot potato routing AS-PATH prepending changes
When you enable Hot Potato Routing for service connections, the following AS-PATH prepending changes are made. The changes for secondary BGP peers are new for 1.6, and some additional changes are made for primary connections:
Addition of __cloud_services Panorama Administrative User
After you install the Cloud Services plugin 1.6, the plugin creates a Panorama administrative user with a username of
__cloud_services. This user account is required to enable communication between Enterprise DLP on Prisma Access and the Prisma Access management infrastructure. Palo Alto Networks recommends that you change the password for this administrative user in accordance with your organization’s password policy.
Recommended For You
Recommended videos not found.