ZTNA Connector Capabilities: Application Discovery, User-ID Across NAT, and Connector IP Block Deletion

What's New in the NetSec Platform

Learn about the ZTNA Connector enhancements introduced in Prisma Access 5.1.1.
  • Application Discovery Simplifies ZTNA Connector Onboarding—Your enterprise network can host many applications in its cloud or data center environments that the network security team is not aware of. As a result, when you deploy a ZTNA Connector and start to add application targets, it can be difficult to determine which applications to include.
    Private application target discovery solves this visibility problem and simplifies application onboarding by:
    • Finding the Prisma® Access tenant you have deployed and letting you onboard that tenant to start the application discovery process, or remove an existing tenant.
    • Retrieving application-relevant information from one or more cloud provider accounts using an assumed role or Workload Identity (WLI).
    • Letting you view the application discovery results.
    • Providing a way for other modules to query the discovered applications.
  • User-ID Across NAT Ensures Consistent Enforcement—If your deployment places a Next-Generation Firewall (NGFW) in front of the private apps, Source NAT on the service connection or ZTNA Connector prevents the NGFW from learning the mobile users' User-ID and Device-ID mappings: the NGFW sees the translated source address rather than the mobile user's own address, so it cannot map the flow back to a user or device. Because of this, the NGFW cannot enforce zone-based Security policy rules that depend on User-ID or Device-ID mapping.
    User-ID Across NAT lets your network distribute the User-ID or Device-ID mapping for mobile users to the NGFW, so the NGFW can enforce Security policy rules based on the mapping it has learned. This ensures a consistent security posture across your mobile user deployment.
  • Connector IP Block Deletion Increases Management Flexibility—Managing Connector IP Blocks was previously inflexible, which made it difficult to change your IP resource allocation. This enhancement lets you delete and update Connector IP Blocks after they have been configured.
    You can delete a Connector IP Block only after you delete all ZTNA Connector objects on the tenant, that is, connectors, applications, wildcards, and connector groups.
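The application discovery feature above reads application information from your cloud accounts through an assumed role. Whenever a third-party tenant is allowed to assume a role in your account, the role's trust policy is the control that decides who can use it, and a wildcard principal or a missing external ID lets any account (or a confused-deputy request) assume it. The following is an added example, not code or documentation from Palo Alto Networks; it assumes AWS IAM (the page says "assumed role" but names no cloud provider), and the account ID, role principal and external ID are placeholders you would replace with the values the Prisma Access onboarding flow gives you.

```python
"""Lint an IAM role trust policy before granting a discovery tenant AssumeRole."""
import json
from typing import List

# Constructed sample trust policies for illustration (not from the page).
# The principal account and ExternalId are placeholders.
DISCOVERY_PRINCIPAL = "arn:aws:iam::111122223333:root"   # tenant's AWS account (placeholder)

WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},          # anyone on AWS may assume this role
        "Action": "sts:AssumeRole",
    }],
})

NO_EXTERNAL_ID_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": DISCOVERY_PRINCIPAL},
        "Action": "sts:AssumeRole",         # right principal, but no confused-deputy guard
    }],
})

HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": DISCOVERY_PRINCIPAL},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "tenant-external-id-placeholder"}},
    }],
})

ALLOWED_ACTIONS = {"sts:AssumeRole", "sts:TagSession"}


def _as_list(value):
    """IAM lets most fields be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy_json: str, expected_principal: str) -> List[str]:
    """Return a list of findings for each Allow statement; an empty list passes.

    Checks: only AssumeRole-type actions, no wildcard principal, only the
    expected principal, and an sts:ExternalId condition present.
    """
    findings: List[str] = []
    doc = json.loads(policy_json)
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue

        for action in _as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"action {action!r} is broader than sts:AssumeRole")

        principal = stmt.get("Principal", {})
        principals: List[str] = []
        if principal == "*":
            principals = ["*"]
        elif isinstance(principal, dict):
            for value in principal.values():
                principals.extend(_as_list(value))
        if any("*" in p for p in principals):
            findings.append("wildcard principal: any AWS account could assume this role")
        else:
            unexpected = sorted(set(principals) - {expected_principal})
            if unexpected:
                findings.append(f"unexpected principal(s): {unexpected}")

        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            findings.append("missing sts:ExternalId condition (confused-deputy risk)")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST_POLICY),
                         ("no-external-id", NO_EXTERNAL_ID_POLICY),
                         ("hardened", HARDENED_TRUST_POLICY)):
        print(name, check_trust_policy(policy, DISCOVERY_PRINCIPAL) or "OK")
```

Pair the trust policy with a permissions policy limited to the read-only describe/list actions the discovery needs; the page does not list the exact permissions, so take them from the onboarding flow rather than granting a broad managed policy.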