Changes to Default Behavior for Prisma Access 5.2 and 5.2.1
Focus
Focus
Prisma Access

Changes to Default Behavior for Prisma Access 5.2 and 5.2.1

Table of Contents

Changes to Default Behavior for Prisma Access 5.2 and 5.2.1

Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Minimum Required Prisma Access Version 5.2 or 5.2.1 Preferred or Innovation
The following sections detail the changes in default behavior for Prisma Access version 5.2 and Prisma Access 5.2.1.

Changes to Default Behavior for Prisma Access 5.2.1

The following table details the changes in default behavior for Prisma Access version 5.2.1.
ComponentChange
IP Optimization Enabled for New Prisma Access DeploymentsTo enable faster onboarding of Prisma Access tenants and simplify IP address allow listing, new Prisma Access deployments have IP Optimization enabled.
IP Optimization deployments do not support IPv6 for access to public (external) apps; private app access is supported. To enable IPv6 for your new Prisma Access deployment, reach out to your Palo Alto Networks account team, who will open a TAC case to accommodate the request.
Be sure that all users are running a GlobalProtect app version of 6.1.4 and later, 6.2.3 and later, or 6.3.0 and later before setting up a new Prisma Access deployment.
New FedRAMP deployments do not have IP Optimization enabled.
Default Mobile Users—GlobalProtect IP Address Pool Changed for New Prisma Access (Managed by Strata Cloud Manager) Deployments
New Prisma Access (Managed by Strata Cloud Manager) Mobile Users—GlobalProtect deployments has a new default IP address pool: 100.92.0.0/16. This is a change from previous deployments that used a default IP address pool of 100.127.0.0/16. You can use this RFC6598 pool for the majority of use cases, including for private app access for mobile users. If you require more IP addresses, you can add them in the Prisma Access UI.
IP Address Consolidation for Deployments that Have Migrated to IP Optimization
If you have an existing Prisma Access that has had one or more regions migrated to IP Optimization and are using Prisma Access Allow listing, some IP addresses that you have allow listed have moved from the Allocated Egress IP addresses area to the Allocated Ingress IP addresses area in the Prisma Access UI. This change is a result of IP address consolidation as a part of the Prisma Access 5.2.1 infrastructure upgrade. Your networks can still reach these IP addresses and you no longer have to allow list them.

Changes to Default Behavior for Prisma Access 5.2

ComponentChange
Upgrade Considerations for the PAN-OS 10.2.10 DataplaneIf you choose to have Palo Alto Networks upgrade your dataplane to PAN-OS 10.2.10 to support a Prisma Access 5.2 Preferred feature, make sure that you're aware of the following 10.2-specific changes and upgrade considerations before you schedule the upgrade:
Upgrade Considerations for the PAN-OS 11.2.3 DataplaneIf you choose to have Palo Alto Networks upgrade your dataplane to PAN-OS 11.2.3 to support a Prisma Access 5.2 Innovation feature, make sure that you're aware of the following 11.2-specific changes and upgrade considerations before you schedule the upgrade:
Web Interface Changes in Prisma Access 5.1Some Prisma Access (Managed by Strata Cloud Manager) web interface changes were made in Prisma Access 5.1 to support a maximum of 25,000 remote networks. See 25,000 Remote Network and 50,000 IKE Gateway Support for details.