Features Introduced in Prisma Access 1.3.0
The following table describes the new features introduced in the Cloud Services plugin version 1.3.0. For additional information on how to use the new features in this release, refer to the Prisma Access Administrator’s Guide (Panorama Managed).
Upgrading to 1.3 causes changes to device groups.
Quality of Service (QoS) Support
You can now enable QoS in Prisma Access to mark and shape QoS traffic. Prisma Access delivers the same QoS marking and shaping features available today in Palo Alto Networks next-generation firewalls.
Support for Additional Service Connections
You can now configure up to 100 service connections in Prisma Access. Previously, a maximum of three service connections were allowed and you had to use remote network connections for additional connections to an HQ or data center site, which limited throughput to the configured bandwidth of the remote connection.
You can configure up to three service connections with no license cost; however, each additional connection uses 300 Mbps of the remote network bandwidth allocation from your Prisma Access license.
The license cost for additional service connections does not change their functionality. Prisma Access does not limit the bandwidth over service connections, and additional service connections work the same as other service connections.
Additional Bandwidth Choices for Remote Networks
In addition to the existing remote network bandwidth choices of 2 Mbps, 5 Mbps, 10 Mbps, 25 Mbps, 50 Mbps, 100 Mbps, or 300 Mbps, you can now select 20 or 150 Mbps, to better match commonly-used ISP speeds.
Expanded Visibility for Mobile Users
You now have expanded visibility for mobile users, including their client OS, their last login time, and their public IP addresses. You can view a list of currently logged in users or view historical information of previously-logged in users for a 90-day time period.
To view User ID information, select
; then click either
Users (Last 90 days)in the
Multiple Prisma Access Instances On a Single Panorama Appliance (Multi-Tenancy)
You can now host and manage multiple instances of Prisma Access (known as
tenants) on a single Panorama appliance. With multi-tenancy, each single Panorama appliance supports up to 100 tenants, each with their own templates and template stacks, device groups, and access domains. This enables you to create tenant-level administrative users who can view and edit the configuration for a single tenant.
You allocate remote network and mobile user license resources for each tenant based on the license that is associated with the Cloud Services plugin in Panorama. The minimum license allocation for each tenant is 500 Mbps for remote networks and 500 mobile users. You can also configure a tenant with only remote networks (minimum 500 Mbps) or mobile users (minimum 500 mobile users).
Since this feature is supported starting with PAN-OS version 8.1.6, you must use the Cloud Services plugin with a Panorama appliance running a minimum version of 8.1.6.
GlobalProtect App Generate Ticket Option
Since this enhancement is supported starting with PAN-OS version 8.1.6, you must use the Cloud Services plugin with a Panorama appliance running a minimum version of 8.1.6.
Persistent Public IP Addresses for Mobile User Gateways
This feature is applicable if you are adding Prisma Access public IP addresses to an allow list in your network to control access for SaaS or public applications.
With this release, Prisma Access now assigns two new sets of public IP addresses for mobile user gateways:
These new IP addresses will persist across future upgrades.
Prisma Access provides each customer with their own unique set of IP addresses. While the currently assigned IP address will change after you upgrade, this change does not affect mobile users' ability to connect to Prisma Access.
Public IP addresses for remote networks will not change after you upgrade, and you do not have to reconfigure your IPSec tunnels.
You can retrieve these new addresses by retrieving your API key and entering a curl command in the following format:
Where Current-API-Key is the Prisma Access API key.
For example, given an API key of
123abc, use the following curl command to retrieve the public IP address:
If you have a large number of mobile users from a single region, the reserved IP addresses might be insufficient to scale; in this case, Prisma Access adds more public IP addresses to the allocated IP sets and you will have to retrieve those new IP addresses to add to your allow lists. These extra sets of IP addresses also persist after an upgrade. Continue to use the curl command to get notified when additional sets of IPs are added to the reserved pool.
PAN-OS 8.1 Support
The Prisma Access infrastructure is upgraded to PAN-OS version 8.1. You can now implement PAN-OS 8.1 features in Prisma Access, including but not limited to the following features:
Upgrading the infrastructure to 8.1 causes changes to default behavior; for more information, see the following documentation:
Recommended For You
Recommended videos not found.