Prisma Access Mobile User Deployments
Focus
Focus

Prisma Access Mobile User Deployments

Table of Contents

Prisma Access Mobile User Deployments

Learn about the different mobile user deployment types in Prisma Access.
Prisma Access offers two connection methods to secure mobile users; you can secure them using GlobalProtect or secure them using an explicit proxy.
If you determine that your deployment would benefit by having some users connect using GlobalProtect and some users connect using an Explicit Proxy, Prisma Access allows you to distribute the users in your GlobalProtect for Users license between Mobile Users—GlobalProtect and Mobile Users—Explicit Proxy. However, users cannot connect using GlobalProtect and an explicit proxy from the same endpoint.
  • Secure Mobile Users with GlobalProtect—If your goal is to secure mobile users’ access to all applications, ports, and protocols, and to get consistent security whether the user is inside or outside your network, use Mobile Users—GlobalProtect. The GlobalProtect infrastructure is deployed for you and scales based on the number of active users and their locations. After you complete the configuration, users then connect to the closest Prisma Access gateway (location) you have onboarded for policy enforcement. This enables you to enforce consistent security for your users even in locations where you do not have a network infrastructure and IT presence.
    The GlobalProtect app installed on the users' endpoint secures users traffic to internet, SaaS applications, your internal and public cloud resources.
  • Secure Mobile Users with an Explicit Proxy—If your organization has designed its network around an explicit proxy design, the explicit proxy connect method will help you quickly replace the existing method and move to the Prisma Access Secure Access Service Edge (SASE) solution. You can then send internet and external SaaS application traffic to the Prisma Access infrastructure and enforce security in the cloud.
    With an explicit proxy, you configure a proxy URL and a Proxy Auto-Configuration (PAC) file. The GlobalProtect app is not required to be installed on the users’ endpoints.