Features Introduced in Prisma Access 2.1 Preferred

This section lists the new features that are available in Prisma Access (Panorama Managed) 2.1, along with upgrade information and considerations if you are upgrading from a previous Prisma Access version.

Cloud Services Plugin 2.1 Preferred and Innovation

There are two Prisma Access 2.1 plugin versions:
  • Cloud Services Plugin 2.1 Preferred
    runs on the PAN-OS version 9.1.7 dataplane, which is the recommended version for Prisma Access 2.0 and 2.1. This is the same dataplane as that running in 2.0 Preferred.
  • Cloud Services Plugin 2.1 Innovation
    runs on the PAN-OS 10.0.5 dataplane and unlocks the latest features available with the PAN-OS 10.0.5 dataplane, including all the features in the Cloud Services Plugin 2.1 Innovation version.

Upgrade Considerations for Prisma Access 2.1 Preferred

If your deployment is on 2.0 Preferred, a dataplane upgrade is not required to upgrade to 2.1 Preferred, because the dataplane version will remain as 9.1.7.
By default, your 2.0 Preferred deployment will be upgraded to 2.1 Preferred. You can continue to use the 2.0 Preferred version of the Cloud Services plugin until you download and install the 2.1 Preferred version of the Cloud Services plugin.

New Features—Cloud Services Plugin 2.1 Preferred

The following table describes the new features introduced in Prisma Access version 2.1 Preferred.
Prisma Access supports GlobalProtect versions 5.1 and 5.2. For a list of the Panorama software versions that are supported with Prisma Access, see Minimum Required Panorama Software Versions in the Palo Alto Networks Compatibility Matrix.
Feature
Description
Licensing Updates
If you have activated a new Prisma Access deployment with a global worldwide presence, you can make use of the new Global Evaluation option to evaluate Prisma Access at global scale.
Prisma SD-WAN CloudBlade Thin Client Integration with Cloud Services Plugin
For Prisma SD-WAN integrations with Prisma Access, the Cloud Services plugin includes a built-in CloudBlade Version 3.0 thin client that eliminates the requirement to have a Docker container host or Kubernetes environment to host a separate CloudBlade. This integration enables easier onboarding of Prisma SD-WAN devices using remote network connections. This integration will be included in Prisma Access 2.1 at a later date.
Support for Asymmetric Routing Across Multiple Service Connections
Using Backbone Routing options, you can specify Prisma Access to allow asymmetric flows through the Prisma Access backbone. The ability to allow asymmetric flows across multiple service connections is useful in cases where you want to use ECMP or another load balancing mechanism for service connections from your CPE.
Trusted (TLS) API Endpoints
Prisma Access API endpoints use a new SSL/TLS server certificate from a trusted third-party certificate authority (CA), which enables you to retrieve the Prisma Access public and infrastructure addresses from an API URL that uses SSL/TLS and a trusted certificate. The new API endpoint is
api.prod.datapath.prismaaccess.com
.
If you are using the current API to retrieve Prisma Access public and infrastructure IP addresses, that functionality is not affected.
WildFire Australia Cloud Support
To allow you to adhere to data sovereignty and residency laws as well as established data protection and privacy regulations, Prisma Access supports the use of the WildFire Australia Cloud (au.wildfire.paloaltonetworks.com). The following locations map to the WildFire Australia Cloud:
  • Australia East
  • Australia Southeast
  • Australia South
  • New Zealand
  • Papua New Guinea

Recommended For You