Location-based Policy
The location-based policy can be used to limit access to the Prisma Access Browser
based on location.
| Where Can I Use This? | What Do I Need? |
|---|
- Strata Cloud Manager
- Prisma Access Browser standalone
- Prisma Access Browser Mobile
- Prisma Access Browser Extension
|
- Prisma Access with Prisma Access Browser bundle license or
Prisma Access Browser standalone license
- Superuser or Prisma Access Browser
role
|
This feature requires Prisma Access Browser version 129.90.2910.2 and later.
You now have the ability to apply policies based on the device's location in addition to
the other Scope parameters that can be used for all policy rules.
The policy engine evaluates the location of the device every 60 minutes and reports the
location back to the server. For macOS and Windows devices, the policy engine will use
the OS Location Services, if enabled. Otherwise the engine will use Geo IP location.
Important Information for Admins
- End-users who use VPN services can change their public IP by selecting a
different location for their connection. For example, a user in Germany can
decide to connect to the company network from a location in the United States,
depending on the VPN provider.
- To reduce the risk of location bypass, you can use MDM (for managed
devices) and enable OS location services tot he browser, as well as to
browsers that use the Prisma Access Browser Extension.
The location may not be accurate around
national borders for both OS Location Service and Geo IP.
- The mobile browser currently uses only Geo IP.
- macOS Location Services are temporarily unavailable in Israel. See here for
more information. Why have Apple and Google disabled map
features in Israel and Gaza?
Older versions of the Prisma Access Browser can only use Geo
IP. If you want to se OS Location Service, you need to upgrade.
