Features Introduced in Prisma Access 1.6.0
Prisma Access does not support versions of the Cloud
Services plugin earlier than 1.6, and you must upgrade to this version.
The following table describes the new features introduced in
Prisma Access version 1.6.0.
| Feature | Description |
|---|---|
| | If you specify the same DNS server to resolve both internal and external domains, Prisma Access does not proxy the DNS request, and you can view the actual source IP address of the client that sent the DNS request. This enhancement allows you to enforce source IP address-based DNS policies or identify endpoints that communicate with malicious domains using the source IP of the DNS requests. |
| | You can use Prisma Access to specify DNS servers to resolve both internal and public domains. If you specify an internal DNS server to resolve internal DNS domains and then specify either a public server or Prisma Access’ Cloud Default server to resolve external domains, Prisma Access proxies the requests from the remote network site. You can also specify an external DNS server that is closer to the egress points of your remote network sites than your internal DNS server, which can provide optimal connectivity for SaaS applications such as Microsoft Office 365. |
| | Prisma Access allows you to configure two VLAN attachments for a single Clean Pipe location in an active/backup configuration for intra-zone redundancy—an enhancement to the current implementation, where you can specify two different VLAN attachments in different availability zones (inter-zone redundancy). |
| QoS for Clean Pipe | For Clean Pipe deployments, you can create QoS policies to define the traffic that receives QoS treatment and QoS profiles to define the classes of service, including priority, that the traffic can receive. You can define QoS based on DSCP values or zones (Trust or Untrust). |
| | If you are hosting an internet-facing application or service in your remote network location, you can use Prisma Access to front-end that application or service and provide secure access from both internal and external users over the internet. |
| 200 Tenant Support for Multitenancy | The Cloud Services Plugin increases multitenant support from 100 to 200 Prisma Access tenants. This gives Service Providers and large enterprises the capability to expand how they deploy and support disparate, segregated environments. For concurrent Panorama administrator login maximums, see the Prisma Access Administrator’s Guide (Panorama Managed). |
| Support for Individual BGP Peers on Primary and Secondary IPSec Tunnels | To facilitate dynamic IPSec tunnel failover for BGP deployments if the on-premises devices do not use the same IP addresses for BGP peering, you can specify different BGP peer and local IP addresses for the primary and secondary (active and backup) IPSec tunnels for service connections and remote network connections. |
| | This release adds support for Data Loss Prevention (DLP) on Prisma Access. DLP on Prisma Access uses predefined patterns, built-in settings, and options that make it easy for you to protect files that contain certain file properties (such as a document title or author), credit card numbers, regulated information from different countries (like social security numbers), and third-party DLP labels. DLP is an add-on license on Prisma Access. You can either start with a 60-day trial or purchase a license to use Enterprise DLP on Prisma Access. DLP on Prisma Access includes the following elements: |
| | Prisma Access for Users and Prisma Access for Networks can leverage Palo Alto Networks’ Directory Sync service to retrieve user and group information for policy enforcement. |
| ECMP load balancing for Lower-Bandwidth Remote Network Connections | You can configure ECMP Load Balancing for remote networks with a bandwidth of 50, 100, or 150 Mbps, as well as 300 Mbps, allowing lower-bandwidth connections to increase their fault tolerance by adding up to four IPSec tunnels for a single remote network. |
| | Prisma Access extends the protection of mobile user traffic from IPv4/IPv6 dual-stacked endpoints with a new CLI command that enables you to sinkhole IPv6 mobile user traffic. Because endpoints can automatically fall back to an IPv4 address, you can enable a secure and uninterrupted user experience for mobile user traffic to the internet. |