Configure Native RDP/SSH
Guide to configure RDP/SSH
Native RDP/SSH is a feature in Prisma Browser that allows you to access RDP (Remote Desktop Protocol) and SSH (Secure Shell) applications without the need for additional licenses.
This feature replaces the existing RDP/SSH capabilities found under Prisma Browser’s Remote Connections.
Key Changes Upon Activation:
  • Native RDP takes precedence over PRA (Prisma Access Remote Access) and Remote Connections will no longer work via Prisma Browser on the tenant.
  • A new option, Non-Web Apps, appears under the Applications Tab.

Configure the Native RDP/SSH

The configuration flow for Non-Web applications is similar to setting up Remote Connections.
A. Applications Tab (Non-Web Apps)
In the Applications directory, do the following:
  1. Click the Non-web Apps tab and click Add non-web app.
  2. In the Add Non-web Apps window, enter the information as needed.
  3. Be sure to configure the Non-Web App using an FQDN (Fully Qualified Domain Name) or an IP address.
  4. The configuration supports non-standard ports.
    1. The standard RDP port is 3389
    2. The standard SSH port is 22
B. Access and Data Control Rule
  • The rule creation flow remains the same as for any other application.
  • Within the Non-Web Application settings, you can allow the user to add Manual Connections or disable this functionality as per the defined scope.

Enable Native RDP/SSH

To enable and fully utilize the Native RDP/SSH feature, follow these steps:
  1. Configure a Non-Web App under the Applications directory.
  2. Create an Access and Data Control Policy to allow access to the newly configured Non-Web App.
  3. Create a Security Policy under Explicit Proxy (EP).
    • This step is necessary to allow access to RDP/SSH applications that may reside within your data center.
      1. Navigate to Configuration > NGFW and Prisma Access.
      2. Change the Configuration Scope to Prisma Access or Explicit Proxy.
      3. Create a Security Rule in Explicit Proxy with the following parameters:
        • Source: Trust
        • Destination: Any or Specific Location
        • Applications: ms-RDP and SSH
        • Action: Allow

Migration from Remote Connections

Native Clients and Remote Connections/PRA cannot co-exist in Prisma Browser. Remote Connections/PRA must be disabled first for Native RDP/SSH to work.
If Remote Connections/PRA is currently enabled on your tenant, you must request that the feature be enabled via #help-pb-native-clients (channel/alias).
  1. Take Note of All Configurations: Before disabling, record all existing Remote Connection configurations as you will need to manually reconfigure the applications and update the policies later.
    • Note: You will need this information to re-configure the apps as Non-Web Apps.
  2. Disable Remote Connections:
    • Navigate to Administration > Remote Connection.
    • Disable the toggle switch.
  3. Configure Non-Web Apps: Once disabled, Remote Connections will be renamed to Non-Web Apps in the administration screens. You can now configure the applications and policies for the new feature.
  4. Follow the Enablement Steps: Proceed with the steps outlined in Enable Native RDP/SSH.
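
The inventory recorded in step 1 can be checked before it is re-entered as Non-Web Apps. The following is an added example, not Palo Alto Networks code: it assumes the Remote Connections were written down by hand in a CSV with the hypothetical columns name, protocol, host and port, and the sample rows are constructed. It rejects entries that are not an FQDN or IP address and flags ports other than the standard 3389 (RDP) and 22 (SSH).

```python
import csv
import io
import ipaddress
import re

STANDARD_PORTS = {"rdp": 3389, "ssh": 22}  # standard ports stated on this page
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample inventory (hypothetical column names and hosts).
SAMPLE = """name,protocol,host,port
jump-rdp,rdp,jump01.corp.example.com,3389
db-ssh,ssh,10.20.30.40,2222
legacy,rdp,fileserver,3389
bad-port,ssh,bastion.corp.example.com,70000
old-telnet,telnet,10.20.30.41,23
"""

def classify_host(host):
    """Return 'ip', 'fqdn', or None; bare hostnames (one label) are rejected."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        labels = host.rstrip(".").split(".")
    ok = (len(host) <= 253 and len(labels) >= 2
          and all(LABEL.match(l) for l in labels) and not labels[-1].isdigit())
    return "fqdn" if ok else None

def check_inventory(text):
    """Split recorded connections into rows ready to re-enter and rows to fix."""
    ready, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        name, proto, host = row["name"], row["protocol"].strip().lower(), row["host"].strip()
        problems = []
        if proto not in STANDARD_PORTS:
            problems.append("protocol is not rdp or ssh")
        kind = classify_host(host)
        if kind is None:
            problems.append("host is neither an FQDN nor an IP address")
        port = int(row["port"]) if row["port"].strip().isdecimal() else 0
        if not 1 <= port <= 65535:
            problems.append("port out of range")
        if problems:
            rejected.append((name, problems))
        else:
            ready.append({"name": name, "protocol": proto, "host": host, "host_type": kind,
                          "port": port, "non_standard_port": port != STANDARD_PORTS[proto]})
    return ready, rejected
```
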

User Experience

Users access the Remote Connections feature through the Prisma Browser client interface.
  1. Click on the Prisma Browser Profile Icon.
  2. Click on Remote Connections.
This will open a new tab for Remote Connections where the user can view:
  • All RDP/SSH applications allowed per the policy created by the administrator.
  • An option to add "New Connections," if the Manual Connect option is enabled for their profile/scope.
Connection Management:
  • Connections defined by the user can be Edited or Deleted from the list.
  • Connections defined by the administrator cannot be edited by the user.