Web Proxy for Cloud-Managed Firewalls
Focus
Focus
What's New in the NetSec Platform

Web Proxy for Cloud-Managed Firewalls

Table of Contents

Web Proxy for Cloud-Managed Firewalls

You can now configure a web proxy for your cloud-managed firewalls.
Prisma Access has its own, separate method of configuring explicit proxy. This new feature applies only to cloud-managed firewalls.
You can now configure a web proxy on the firewalls you're managing with Strata Cloud Manager. That means that if you plan to use an NGFW as a proxy device to secure your network, you can now configure your proxy settings across your deployment from a simple, unified management interface.
This interface includes an in-app proxy auto-configuration (PAC) file editor so that you can edit your proxy settings and modify your PAC file all in one place whenever network changes arise.
The web proxy supports two methods for routing traffic:
  • For the explicit proxy method, the request contains the destination IP address of the configured proxy and the client browser sends requests to the proxy directly. You can use one of following methods to authenticate users with the explicit proxy:
    • Kerberos, which requires a web proxy license.
    • SAML 2.0, which requires a Prisma Access license and the add-on web proxy license.
  • For the transparent proxy method, the request contains the destination IP address of the web server and the proxy transparently intercepts the client request (either by being in-line or by traffic steering). There is no client configuration and Panorama is optional. Transparent proxy requires a loopback interface, User-ID configuration in the proxy zone, and specific Destination NAT (DNAT) rules, which you can configure using Transparent Proxy Rules in Strata Cloud Manager. Transparent proxy does not support X-Authenticated Users (XAU) or Web Cache Communications Protocol (WCCP).
You can push web proxy configurations to the following platforms:
  • PA-1400
  • PA-3400
  • VM Series (with a minimum of four vCPUs)