Palo Alto Networks Compatibility Matrix
    : Prisma Access
    Focus
    Download PDF
    Focus
    1. Home
    2. Palo Alto Networks Compatibility Matrix
    3. Prisma Access
    Download PDF

    Palo Alto Networks Compatibility Matrix

    Prisma Access

    Table of Contents

    Prisma Access

    Learn about compatibility information for Prisma® Access.
    The following topics provide support information for Prisma® Access:

    What Features Does Prisma Access Support?

    Prisma® Access helps you to deliver consistent security to your remote networks and mobile users. There are two ways that you can deploy and manage Prisma Access:
    • Cloud Managed Prisma Access
      —If you're not using Panorama™ software to manage your next-generation firewalls, the Prisma Access app on the hub gives you a simplified way to onboard and manage Prisma Access.
    • Panorama Managed Prisma Access
      —If you're already using Panorama software to manage your next-generation firewalls, you can use Panorama to deploy Prisma Access and leverage your existing configurations. However, you’ll need the Cloud Services plugin to use Panorama for Prisma Access.
    The features and IPSec parameters supported for Prisma Access vary depending on the management interface you’re using—Panorama or the Prisma Access app. You cannot switch between the management interfaces after you activate your Prisma Access license. This means you must decide how you want to manage Prisma Access before you begin setting up the product. Review the Prisma Access Feature Support information to help you select your management interface.
    For a description of the features supported in GlobalProtect™, see the features that GlobalProtect supports.

    Prisma Access Feature Support

    The following sections provide you with the supported features and network settings for Prisma Access (both Panorama managed and Cloud managed).

    Management

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Best Practice Checks
    Default Configurations
    Default settings enable you to get started quickly and securely
    Examples include:
    • Default DNS settings
    • Default GlobalProtect settings, including for the Prisma Access portal
    • Default Prisma Access infrastructure settings
    Built-in Best Practice Rules
    To ensure that your network is as secure as possible, enable your users and applications based on best practice templates. With best practices as your basis, you can then refine policy based on your enterprise needs.
    Features with best practice rules include:
    • Security rules
    • Security profiles
    • Decryption
    • M365
    Onboarding Walkthroughs for First-Time Setup
    Guided walkthroughs include:
    • Onboard Remote Networks
    • Onboard Mobile Users (GlobalProtect)
    • Onboard Your HQ or Data Centers
    • Turn on Decryption
    Centralized Management Dashboards
    These can include best practice scores and usage information
    Dashboards are available for features including:
    • Security Policy
    • Security Profiles
    • Decryption
    • Authentication
    • Certificates
    • SaaS Application Management
    Hit Counts
    Hit counts for Security profiles include counts that measure the profile’s effectiveness, and these can depend on the profile (for example, unblocked critical and high severity vulnerabilities, or WildFire submission types).
    Policy Rule Usage
    Profile Groups

    Remote Networks

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    IPSec Tunnels
    We do not support FQDNs for peer IPSec addresses; use an IP address for the peer address instead.
    Secure Inbound Access
    Tunnel Monitoring
    Dead Peer Detection (DPD)
    ICMP
    Bidirectional Forwarding Detection (BFD)
    SNMP
    Use Tunnel Monitoring instead of SNMP to monitor the tunnels in Prisma Access.

    Service Connections

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    IPSec Tunnels
    We do not support FQDNs for peer IPSec addresses; use an IP address for the peer address instead.
    Tunnel Monitoring
    Dead Peer Detection (DPD)
    ICMP
    Bidirectional Forwarding Detection (BFD)
    SNMP
    Use Tunnel Monitoring instead of SNMP to monitor the tunnels in Prisma Access.
    Traffic Steering
    (using policy-based forwarding rules to forward internet-bound traffic to service connections)
    Introduced in 1.7.

    Mobile Users—GlobalProtect

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Using On-Premises Gateways (Hybrid Deployments)
    On-premises gateway integration with Prisma Access
    We support using on-premises gateways with Prisma Access gateways.
    Priorities for Prisma Access and On-Premises Gateways
    Supported for deployments that have on-premises GlobalProtect gateways. You can set a priority separately for on-premises gateways and collectively for all gateways in Prisma Access. You can also specify source regions for on-premises gateways.
    Manual Gateway Selection
    Users can manually select a cloud gateway from their client machines using the GlobalProtect app.
    GlobalProtect Gateway Modes
    External Mode
    Internal Mode
    Introduced in 5.1 Innovation.
    If you are running a version below 5.1 Innovation, you can add one or more on-premise gateways and configure them as internal gateways.
    Introduced in 5.1 Innovation.
    If you are running a version below 5.1 Innovation, you can add one or more on-premise gateways and configure them as internal gateways.
    GlobalProtect App Connect Methods
    User-Logon (always on)
    Pre-Logon (always on)
    Pre-Logon (then on-demand)
    On-Demand
    Clientless VPN
    Clientless VPN
    Mobile User—GlobalProtect Features
    Mobile Device Management (MDM)
    MDM Integration with HIP
    Prisma Access does not support AirWatch MDM HIP service integration; however, you can use the GlobalProtect App for iOS and Android MDM Integration for HIP-Based Policy Enforcement
    Administratively Log Out Mobile Users
    Introduced in 1.4.
    DHCP
    Prisma Access uses the IP address pools you specify during mobile user setup to assign IP addresses to mobile users and does not use DHCP.
    GlobalProtect App Version Controls
    One-click configuration for GlobalProtect agent log collection

    Mobile Users—Explicit Proxy

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Explicit Proxy Support
    Introduced in 2.0 Innovation.
    Explicit Proxy Connectivity in GlobalProtect for Always-On Internet Security
    Introduced in 4.0 Preferred with GlobalProtect app version 6.2
    Introduced in 4.0 Preferred with GlobalProtect app version 6.2

    Security Services

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Security Policy
    DoS Protection
    The Prisma Access infrastructure manages DoS protection.
    SaaS Application Management
    Supported for:
    • Microsoft 365 apps
      Includes a guided walkthrough to safely enable M365
    • Google apps
    • Dropbox
    • YouTube
    IoT Security
    Security Profiles
    Supported Profile Types
    • Antispyware
    • DNS Security
    • Vulnerability Protection
    • WildFire and Antivirus
    • URL Filtering
    • File Blocking
    • Data Loss Prevention (DLP)
    • HTTP Header Insertion
    • Antispyware
    • DNS Security (enabled via an Antispyware profile)
    • Vulnerability Protection
    • Antivirus
    • WildFire
    • URL Filtering
    • File Blocking
    • Data Loss Prevention (DLP)
    Dashboards for Security Profiles
    Dashboards are tailored to each profile, and give you:
    • centralized management for security service features
    • visibility into profile usage and effectiveness
    • access to cloud databases (search for threat coverage, for example)
    Best Practice Scores for Security Profiles
    We support HTTP response pages for mobile users and users at remote networks. To use HTTPS response pages, open a CLI session in the Panorama that manages Prisma Access, enter the
    set template Mobile_User_Template config deviceconfig settingssl-decrypt url-proxyyes
     command in configuration mode, and commit your changes.
    HTTP Header Insertion
    Decryption
    SSL Forward Proxy
    SSL Inbound Inspection
    SSH Proxy
    Guided Walkthrough:
    Turn on Decryption

    Network Services

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Network Services
    Prisma Access uses the same QoS policy rules and QoS profiles and supports the same DSCP markings as Palo Alto Networks Next-Generation Firewalls.
    Application Override
    IPv4 Addressing
    IPv6 Addressing
    Introduced in 2.2 Preferred.
    Split Tunnel Based on Access Route
    Split Tunnel Based on Destination Domain, Client Process, and Video Streaming Application
    NetFlow
    NAT
    Prisma Access automatically manages outbound NAT; you cannot configure the settings.
    SSL VPN Connections
    Routing Features
    Static Routing
    Dynamic Routing (BGP)
    Dynamic Routing (OSPF)
    High Availability
    Palo Alto Networks maintains Availability.
    SMTP
    Prisma Access sometimes blocks SMTP port 25 for security reasons and to mitigate the risk from known vulnerabilities that exploit nonsecure SMTP. Palo Alto Networks recommends using ports 465, 587, or an alternate port 2525 for SMTP.
    Prisma Access sometimes blocks SMTP port 25 for security reasons and to mitigate the risk from known vulnerabilities that exploit nonsecure SMTP. Palo Alto Networks recommends using ports 465, 587, or an alternate port 2525 for SMTP.

    Identity Services

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Authentication Types
    SAML
    Requires 3.0 Innovation or a later Innovation release.
    Requires 3.0 Innovation or a later Innovation release.
    TACACS+
    RADIUS
    LDAP
    Kerberos
    We support Kerberos only on Windows clients.
    MFA
    Local Database Authentication
    Authentication Features
    Authentication Rules
    Authentication Portal
    Supported for both IPSec and mobile users with GlobalProtect.
    Supported for both IPSec and mobile users with GlobalProtect.
    Framed IP-Address retrieval from a RADIUS server
    Single Sign-On (SSO)
    Supported for the following platforms:
    • Citrix XenApp 7.
      x
    • Windows Server 2019
    • Windows 10 Enterprise Multi-session
    We support a maximum of 400 TS agents.
    Supported for the following platforms:
    • Citrix XenApp 7.
      x
    • Windows Server 2019
    • Windows 10 Enterprise Multi-session
    We support a maximum of 400 TS agents.
    Cloud Identity Engine (Directory Sync Component)
    Directory Sync for User and Group-Based Policy
    Supports on-premises Active Directory and Azure Active Directory.
    You can retrieve user and group information using the Directory Sync component of the Cloud Identity Engine.
    Prisma Access supports on-premises Active Directory, Azure Active Directory, and Google IdP.
    Introduced in 1.6.
    Support for Azure Active Directory introduced in 2.0 Preferred.
    Support for Google IdP introduced in 3.0 Preferred and Innovation.
    Identity Redistribution
    • IP address-to-username mappings
    • HIP
    • Device Quarantine
    • IP-Tag
    • User-Tag
    Ingestion of IP address-to-username mappings from a third-party integration (NAC)
    Introduced in 1.7.
    Requires Panorama running PAN-OS 9.1.1 or a later supported PAN-OS version.

    Policy Objects

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Addresses
    Address Groups
    Dynamic Address Groups (DAGs) and Auto-Tags
    XML API - Based Dynamic Address Group Updates
    Regions
    App-ID (Applications)
    We do not support commit warnings for Prisma Access.
    Service-Based Session Timeouts
    Application Groups
    Application Filters
    Services
    Service Groups
    Tags
    Introduced in 1.7.
    Requires Panorama running PAN-OS 9.1.1 or a later supported PAN-OS version.
    Auto-Tag Actions
    HIP Objects
    HIP-Based Security Policy
    HIP Report Submission
    HIP Report Viewing
    Introduced in 1.5.
    Introduced in 1.5.
    HIP Objects and Profiles
    Certificate Management
    Custom Certificates
    Palo Alto Networks Issued Certificates
    Certificate Profiles
    Custom Certificates
    SSL/TLS Service Profiles
    SSL
    We support SSL only for mobile users, not for site-to-site VPNs.
    SCEPs
    OCSP Responders
    Default Trusted Certificate Authorities

    Logs

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Strata™ Logging Service (formerly Cortex® Data Lake) Log Storage
    Forward logs stored in Strata Logging Service to syslog and email destinations
    Default Log Forwarding profile
    We do not support HTTP, SNMP, auto-tagging in Built-in Actions.
    Introduced in 1.7.
    Requires Panorama running PAN-OS 9.1.1 or a later supported PAN-OS version. If you use Panorama running a PAN-OS 9.0 (EoS) version, you can still see traffic and HIP logs from Panorama but you need to use the Explore app from the Hub to see the remaining logs.

    Reports

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Reports
    Introduced in Prisma Access 1.8.
    App Report
    This feature has the following Strata Logging Service-based limitation:
    SaaS Application Usage
     report (
    Monitor
    PDF Reports
    SaaS Application Usage
    )—You cannot filter the logs for user groups (we do not support the
    Include user group information in the report
     option).
    Usage Report
    User Activity Report
    Best Practices Report
    WildFire Reports
    Support introduced in 2.0 Innovation.

    Integration with Other Palo Alto Networks Products

    Feature
    Prisma Access (Cloud Managed)
    Prisma Access (Panorama Managed)
    Cortex XSOAR integration
    We support source IP-based allow lists and malicious user activity detection.
    Cortex XDR integration
    Prisma Access is compatible with the Cortex XDR version of Strata Logging Service. Cortex XDR receives Prisma Access log information from Strata Logging Service (formerly Cortex Data Lake).
    Prisma Access is compatible with the Cortex XDR version of Strata Logging Service. Cortex XDR receives Prisma Access log information from Strata Logging Service (formerly Cortex Data Lake).
    Prisma SaaS integration

    Multitenancy Unsupported Features and Functionality

    We do not support the following Prisma Access (Panorama managed) features in a multitenant deployment:
    In addition, a Panorama managed multitenant deployment has changes to the following functionality:
    • You cannot view your Panorama managed tenants under Common Services: Tenant Management.
    • For Panorama Managed Prisma Access, continue to use Panorama for managing Prisma Access and the admin access that Panorama controls locally. You cannot manage users, roles, and services accounts using Common Services: Identity and Access for Panorama Managed Prisma Access. However, you can use Common Services: Identity and Access for managing other apps such as ADEM and Insights.
    • You cannot use the Prisma Access APIs in pan-dev.
    The following Prisma Access components and add-ons have the following caveats when used in a multitenant deployment:
    • For Prisma Access—Explicit Proxy deployments, if you have an existing Prisma Access non-multitenant deployment and convert it to a multitenant deployment, only the first tenant (the tenant you migrated) supports Explicit Proxy. Any subsequent tenants you create for the multitenant deployment after the first one do not support Explicit Proxy.
    • SaaS Security and Enterprise Data Loss Prevention (Enterprise DLP) support multitenancy with the following restrictions:
      • Only a superuser on Panorama can create DLP profiles and patterns and can associate DLP profiles to Security policy rules for tenants.
      • A superuser must commit all changes to Panorama whenever they make changes in DLP profiles and patterns.
      • All tenants share a single copy of profiles and pattern configurations and, therefore, changes occur on all tenants.
      • Since Security policy rules can be different across tenants, each tenant can have different data filtering profiles associated with Security policy rules.
    • You can use Prisma SD-WAN integration and Configuring multiple portals in Prisma Access only with one tenant per multitenant deployment.
    • If you enable high availability (HA) with active and passive Panorama appliances in a multitenant deployment, you cannot change the HA pair association after you enable multitenancy.

    Prisma Access and Panorama Version Compatibility

    This section provides you with the minimum and maximum versions of Panorama™ to use with Prisma® Access, along with the end-of-service (EoS) dates for Panorama software versions with Prisma Access.

    Supported IKE Cryptographic Parameters

    The following table documents the IKE cryptographic settings that we support with Prisma® Access.
    Component
    Phase 1 Supported Crypto Parameters
    Phase 2 Supported Crypto Parameters
    Encryption
    3DES
    AES-128
    AES-192
    AES-256
    Null (not recommended)
    DES
    3DES
    AES-128-CBC
    AES-192-CBC
    AES-256-CBC
    AES-128-GCM
    AES-192-GCM
    AES-256-GCM
    Authentication/Integrity
    MD5
    SHA-1
    We support only SHA1 in IKE Crypto profiles (Phase 1) with IKEv2 with certificate-based authentication.
    SHA-256
    SHA-384
    SHA-512
    None
    (supported with Galois/Counter Mode (GCM)
    MD5
    SHA-1
    SHA-256
    SHA-384
    SHA-512
    DH Group
    Group 1
    Group 2
    Group 5
    Group 14
    Group 19
    Group 20
    No PFS
    (not recommended)
    Group 1
    Group 2
    Group 5
    Group 14
    Group 19
    Group 20
    Security Association (SA) Lifetime
    Configurable
    Configurable
    SA Lifebytes
    N/A
    Configurable

    Minimum Required Panorama Software Versions

    The Cloud Services plugins require the following minimum Panorama™ software versions.
    Due to the fast-paced release cycle for Prisma Access and the Cloud Services plugin, the software end-of-support (EoS) dates for Panorama appliances for managing Prisma Access vary from the software end-of-life (EoL) dates for PAN-OS and Panorama releases. These exceptions apply only to Panorama version compatibility with Prisma Access.
    Cloud Services Plugin Version
    Minimum Required Panorama Version
    5.1 Preferred and Innovation
    • PAN-OS 11.2.0 or a later PAN-OS 11.2 version
    • PAN-OS 11.1.0 or a later PAN-OS 11.1 version
    • PAN-OS 11.0.1 or a later PAN-OS 11.0 version
    • PAN-OS 10.2.4 or a later PAN-OS 10.2 version
    • PAN-OS 10.1.8 or a later PAN-OS 10.1 version
    4.0, 4.1, and 4.2 Preferred
    5.0 and 5.0.1 Preferred and Innovation
    • PAN-OS 11.1.0 or a later PAN-OS 11.1 version
    • PAN-OS 11.0.0 or a later PAN-OS 11.0 version
      Running Panorama with PAN-OS 11.0 or PAN-OS 11.1 does not give you access to PAN-OS 11.0 features in Prisma Access.
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version
    • PAN-OS 10.1.7 or a later PAN-OS 10.1 version
      You must have a Panorama appliance running PAN-OS 10.2 to take advantage of the PAN-OS 10.2 features in Prisma Access.
    For Panorama versions supported and required for FedRAMP deployments, see Prisma Access FedRAMP Requirements.
    3.2.1 Preferred
    • PAN-OS 11.0.0 or a later PAN-OS 11.0 version
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version
      Only Cloud Services plugin versions 3.2 and 3.1.0-h50 or later versions support a Panorama running PAN-OS 10.2.3 or a later version. Do not upgrade your Panorama to PAN-OS 10.2.3 (or later) until after you upgrade your Cloud Services plugin to these minimum versions. We do not support any Panorama running PAN-OS versions earlier than PAN-OS 10.2.3.
    • 10.1.7 or a later PAN-OS 10.1 version
    For Panorama versions supported and required for FedRAMP deployments, see Prisma Access FedRAMP Requirements.
    3.2.1 Innovation
    • PAN-OS 11.0.0 or a later PAN-OS 11.0 version
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version.
    • PAN-OS 10.1.7 or a later PAN-OS 10.1 version
    3.2 Preferred
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version.
      Only Cloud Services plugin versions 3.2 and 3.1.0-h50 or later support a Panorama running PAN-OS 10.2.3 or a later PAN-OS version. Do not upgrade your Panorama to PAN-OS 10.2.3 until after you upgrade your Cloud Services plugin to these minimum versions. We do not support Panorama running PAN-OS versions earlier than PAN-OS 10.2.3.
    • PAN-OS 10.1.7 (
      10.1.8 recommended
      ) or a later PAN-OS 10.1 version
    For Panorama versions supported and required for FedRAMP deployments, see Prisma Access FedRAMP Requirements.
    3.2 Innovation
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version
    • PAN-OS 10.1.7 or a later PAN-OS 10.1 version
    3.1 Preferred
    • PAN-OS 10.2.2-h1 or a later PAN-OS 10.2 version (
      minimum Cloud Services plugin version of 3.1.0-h50 required
      )
      Only Cloud Services plugin version 3.1.0-h50 or later support a Panorama running 10.2.2-h1 or later. Do not upgrade your Panorama to PAN-OS 10.2.2-h1 until after you upgrade your Cloud Services plugin to this minimum version. We do not support Panorama running PAN-OS versions earlier than PAN-OS 10.2.2-h1.
      Review the PAN-OS and Prisma Access Known Issues that are applicable to deployments with Panorama running PAN-OS 10.2.2 with Prisma Access 3.1.2.
    • PAN-OS 10.1.3 or a later PAN-OS 10.1 version
      If you're running a PAN-OS 10.1 version, you should upgrade to PAN-OS 10.1.4 or a later PAN-OS 10.1 version to incorporate an addressed issue (CYR-19816) that resolves a known issue found in earlier PAN-OS 10.1 versions.
    3.1 Innovation
    • PAN-OS 10.2.3 or a later PAN-OS 10.2 version
    • PAN-OS 10.1.3 or a later PAN-OS 10.1 version
      If you're running a PAN-OS 10.1 version, you should upgrade to PAN-OS 10.1.4 or a later PAN-OS 10.1 version to incorporate an addressed issue (CYR-19816) that resolves a known issue found in earlier PAN-OS 10.1 versions.
    3.0
    • PAN-OS 10.1.2 or a later PAN-OS 10.1 version
      FedRAMP Prisma Access deployments require Panorama running PAN-OS 10.1.8. Enabling the Processing Standard and Common Criteria (FIPS-CC mode) on the Panorama that manages Prisma Access is the recommended best practice aligned with FedRAMP controls.
      If you're running a PAN-OS 10.1 version, you should upgrade to PAN-OS 10.1.4 or a later PAN-OS 10.1 version to incorporate an addressed issue (CYR-19816) that resolves a known issue found in earlier PAN-OS 10.1 versions.
    For Panorama versions supported and required for FedRAMP deployments, see Prisma Access FedRAMP Requirements.
    2.2 Preferred
    • PAN-OS 10.1
      FedRAMP Prisma Access deployments require Panorama running PAN-OS 10.1.8. Enabling the Processing Standard and Common Criteria (FIPS-CC mode) on the Panorama that manages Prisma Access is the recommended best practice aligned with FedRAMP controls.
      If you're running a PAN-OS 10.1 version, you should upgrade to PAN-OS 10.1.4 or a later PAN-OS 10.1 version to incorporate an addressed issue (CYR-19816) that resolves a known issue found in earlier PAN-OS 10.1 versions.
    For Panorama versions supported and required for FedRAMP deployments, see Prisma Access FedRAMP Requirements.

    End-of-Support (EoS) Dates for Panorama Software Version Compatibility with Prisma Access

    When Prisma® Access upgrades its infrastructure and dataplane after a major release, the upgrades can become incompatible with earlier Panorama™ versions. Because of the fast-paced release of Prisma Access and the Cloud Services plugin, the software compatibility end-of-support (EoS) dates for Panorama can differ from the software end-of-life dates for Panorama releases and apply to Panorama version compatibility with Prisma Access only.
    If the Panorama appliance that manages Prisma Access is running a software version that’s incompatible (not supported) with the upgrades, you must upgrade Panorama to a compatible version to take full advantage of the capabilities of the infrastructure and dataplane upgrades. It's our goal to make this process as easy as possible and, for this reason, we make every effort to provide you with adequate notice of Panorama and Prisma Access version compatibility requirements.
    Use the dates in the following table to learn when a Panorama software version that manages Prisma Access is no longer compatible with Prisma Access so that you can plan an upgrade to a supported version prior to the EoS date.
    Due to the fast-paced release cycles for Prisma Access and the Cloud Services plugin, the software compatibility end-of-support (EoS) dates for Panorama appliances that manage Prisma Access sometimes differ from the software end-of-life (EoL) dates for PAN-OS and Panorama software versions. The exceptions apply only to Panorama version compatibility with Prisma Access.
    To find the latest EoS compatibility information for your Panorama software with Prisma Access, log in to the Panorama appliance that manages Prisma Access, select the Service Setup page (
    Panorama
    Cloud Services
    Configuration
    Service Setup
    ), and view the
    Panorama Alert
     information. (See Notifications and Alerts for Panorama, Cloud Services Plugin, and PAN-OS Dataplane Versions for details.)
    Panorama Software Version
    EoS Dates for Prisma Access Deployments
    PAN-OS 10.0
    March 1, 2023
    PAN-OS 9.1
    August 1, 2022
    Before this date, you must upgrade your Panorama to PAN-OS 10.1 or a later supported (with Prisma Access) PAN-OS version.
    We support PAN-OS 10.1 only after you upgrade to 2.2 Preferred or to the following 2.1 plugins:
    • 2.1.0-h24 Preferred
    • 2.1.0-h16 Innovation
    You must upgrade Panorama regardless of the Cloud Services plugin version you're running when the Panorama software version reaches its EoS date. You cannot continue using earlier versions of the Cloud Services plugin with an earlier unsupported version of Panorama software.
    The following Panorama software versions are already EoS and you cannot use them with Prisma Access:
    • PAN-OS 10.0
      —EoS on July 16, 2022
    • PAN-OS 9.0
      —EoS on February 1, 2021

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.