Prisma Access Explicit Proxy Connectivity in GlobalProtect for Always-On Internet
Security
Learn about using GlobalProtect for explicit proxy in Prisma Access
The GlobalProtect app now includes native support for Prisma Access explicit proxy to
provide always-on internet security and seamless co-existence with third-party VPNs.
This solution secures internet-bound traffic from your mobile users, even if users
disconnect the GlobalProtect app. To achieve this, the GlobalProtect app now provides
two new modes:
Proxy mode—The GlobalProtect app forwards
internet traffic, including SaaS application traffic, to Prisma Access for explicit
proxy, based on the forwarding rules you define. By enabling explicit proxy
functionality directly from the GlobalProtect app you get all of the advantages
Prisma Access provides, including consistent rule enforcement to ensure that users
are only accessing approved SaaS apps and sites, as well as continuous security
inspection. In this mode, you can use a third-party VPN for private app access.
Proxy and Tunnel mode—In this mode, the
GlobalProtect app first evaluates the explicit proxy forwarding rules you have
defined and sends all internet-bound traffic to the Prisma Access explicit proxy.
For all other traffic, the app determines which traffic to send through the tunnel
to the GlobalProtect gateway, and which traffic to exclude from the tunnel, based on
any split tunnel rules you have defined.
These new modes complement the existing GlobalProtect app Tunnel mode, which continues to function the
same way it always has, providing secure access for internet, SaaS app, and private app
access via a tunnel to Prisma Access for policy enforcement and security inspection.