Features Introduced in Prisma Access

You must upgrade your Panorama to a minimum version of 9.0.3-h3 (9.0.4 recommended)
before installing the 1.5 Cloud Services plugin. The Cloud Services plugin 1.5 and later require Panorama version 9.0.3-h3 or later. Installing the 1.5 plugin with a Panorama running 8.1 or lower will result in an unsupported configuration and data loss. See Minimum Panorama of 9.0.3-h3 Required for Prisma Access 1.5 for details.
If your business processes cannot accommodate the Panorama upgrade in time before the 1.5 plugin is released, review the information in Cloud Services Plugin Interoperability to schedule your Panorama upgrade at a later time.
The following table describes the new features introduced in Prisma Access version 1.5.
Feature
Description
PAN-OS 9.0 feature support
Route preferences and preferred backup for service connections
In addition to Prisma Access’ default routing for service connections, Prisma Access allows a new choice,
Hot potato routing
, which changes the way routes are imported and advertised to and from Prisma Access so that traffic destined to service connections (for example, HQ or data center traffic) exits the Prisma Access network as quickly as possible.
In addition, to help ensure routing symmetry in the event of a link failure, you can choose a preferred service connection to use as a backup if a link to a service connection fails (
Backup SC
).
ECMP load balancing for remote network connections
To provide additional network resiliency using redundant instances of your customer premises equipment (CPE), Prisma Access allows you to add up to four IPSec tunnels for a single remote network.
BGP default route support for remote network connections
Prisma Access can advertise a default route for remote network connections using BGP; you can then use this route in your organization’s network to direct traffic to Prisma Access.
API command enhancements
Prisma Access adds improvements to the commands you use to retrieve the public IP addresses (the source IP addresses that Prisma Access uses for requests to an internet-based source).
The API command has the following enhancements for mobile user deployments:
  • The API command lists the locations associated with the reserved IP addresses.
  • You can easily retrieve both the active IP addresses for each location and the reserved IP addresses for those locations that are used for scaling events. You can request the active addresses, the reserved addresses, or all sets of addresses.
Custom URL Category enhancements
You can specify up to 2,000 wild card (*.example.com) URLs (including those specified in custom URL categories), an increase from 500, when you use traffic forwarding rules with service connections.
Redistribute HIP information
To ensure consistent Host Information Profile (HIP) policy enforcement and to simplify policy management, you can redistribute HIP information received from mobile users and users at remote networks that use the GlobalProtect app from Prisma Access to other gateways, firewalls, and Panorama appliances in your enterprise, including the Panorama that manages Prisma Access.
View HIP report from Panorama
After you configure Prisma Access to redistribute HIP information to Panorama, you can then view the HIP report from Panorama.

Related Documentation