Features Introduced in Prisma Access
You must upgrade your Panorama to a minimum version of 9.0.3-h3 (9.0.4 recommended)before installing the 1.5 Cloud Services plugin. The Cloud Services plugin 1.5 and later require Panorama version 9.0.3-h3 or later. Installing the 1.5 plugin with a Panorama running 8.1 or lower will result in an unsupported configuration and data loss. See Minimum Panorama of 9.0.3-h3 Required for Prisma Access 1.5 for details.
If your business processes cannot accommodate the Panorama upgrade in time before the 1.5 plugin is released, review the information in Cloud Services Plugin Interoperability to schedule your Panorama upgrade at a later time.
The following table describes the new features introduced in Prisma Access version 1.5.
PAN-OS 9.0 feature support
This release offers support for PAN-OS 9.0, which includes the following new features and enhancements:
Note that the following 9.0 features are not supported:
Route preferences and preferred backup for service connections
In addition to Prisma Access’ default routing for service connections, Prisma Access allows a new choice,
Hot potato routing, which changes the way routes are imported and advertised to and from Prisma Access so that traffic destined to service connections (for example, HQ or data center traffic) exits the Prisma Access network as quickly as possible.
In addition, to help ensure routing symmetry in the event of a link failure, you can choose a preferred service connection to use as a backup if a link to a service connection fails (
ECMP load balancing for remote network connections
To provide additional network resiliency using redundant instances of your customer premises equipment (CPE), Prisma Access allows you to add up to four IPSec tunnels for a single remote network.
BGP default route support for remote network connections
Prisma Access can advertise a default route for remote network connections using BGP; you can then use this route in your organization’s network to direct traffic to Prisma Access.
API command enhancements
Prisma Access adds improvements to the commands you use to retrieve the public IP addresses (the source IP addresses that Prisma Access uses for requests to an internet-based source).
The API command has the following enhancements for mobile user deployments:
Custom URL Category enhancements
Redistribute HIP information
To ensure consistent Host Information Profile (HIP) policy enforcement and to simplify policy management, you can redistribute HIP information received from mobile users and users at remote networks that use the GlobalProtect app from Prisma Access to other gateways, firewalls, and Panorama appliances in your enterprise, including the Panorama that manages Prisma Access.
View HIP report from Panorama
After you configure Prisma Access to redistribute HIP information to Panorama, you can then view the HIP report from Panorama.