Features Introduced in Prisma Access 2.0 Innovation
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Features Introduced in Prisma Access 2.0 Innovation
The following table describes the new features introduced
in Prisma Access version 2.0 Innovation.
Prisma Access supports GlobalProtect versions 5.1 and 5.2. For
a list of the Panorama software versions that are supported with
Prisma Access, see Minimum Required Panorama Software
Versions in the Palo Alto Networks Compatibility
Matrix.
The Cloud Services Plugin 2.0 Innovation version includes all
the features from the Cloud Services
plugin 2.0 Preferred version and adds the following features.
Feature | Description |
---|---|
Autonomous Digital Experience Management Integration | Autonomous Digital Experience Management
(DEM) is now available for mobile users who use the GlobalProtect
app! You can use Autonomous Digital Experience Management (Autonomous
DEM) to get visibility into user experience, application and network
performance. With Autonomous DEM, you gain segment-wise insights
across the entire service delivery path, with real and synthetic
traffic analysis that enables the ability to drive autonomous remediation
of digital experience problems when they arise. Get Started Now. Autonomous
DEM requires an add-on license, and requires The GlobalProtect app
version 5.2.6 or later. |
Support for PAN-OS 10.0.3 | New Cloud Services 2.0 Innovation customers
are running a dataplane version of PAN-OS 10.0.3 and are
able to take advantage of PAN-OS 10.0 features up to PAN-OS 10.0.3, including
the following features:
GlobalProtect
version 5.2.5 is required to use GlobalProtect App Log Collection
for Troubleshooting. |
IoT Security Support | You can use Prisma Access to implement IoT security. IoT Security
applies machine learning and AI to discover and identify connected
devices and then presents them in a dynamically generated inventory. |
Enterprise DLP Support | Prisma Access supports the use of the Panorama plugin for DLP 1.0.3 to
implement Enterprise Data Loss Prevention (DLP) with Prisma Access. If
you have an existing deployment with Enterprise DLP on Prisma Access and
want to upgrade to the Cloud Services plugin 2.0 Innovation version,
Palo Alto Networks provides you with a migration process to transfer
to using DLP with the DLP Panorama plugin. |
Identification of Quarantine of Devices Support | If you have a Prisma Access for Users license,
you can add compromised devices to
a quarantine list and block users from logging in to the network
from that device using GlobalProtect. |
GlobalProtect App Log Collection for Troubleshooting Support | If you have a Prisma Access for Users license,
you can quickly resolve mobile user connection, performance, and
access issues by having GlobalProtect users generate and send an
easy to read, comprehensive report from the end user’s endpoint
to Strata Logging Service for further
analysis. This release adds a UI element to allow you to generate
and store the certificate that is required for communication between
the GlobalProtect app and Strata Logging Service, eliminating the CLI requirement. |
Explicit Proxy Support | You can configure an explicit proxy to secure
mobile users with a proxy URL and a Proxy Auto-Configuration (PAC)
file. If your organization’s existing network already uses explicit
proxies and deploys PAC files on your client endpoints, you can
smoothly migrate to Prisma Access to secure mobile users’ outbound
internet traffic. You can still secure mobile users with
GlobalProtect. If you want to add an explicit proxy to an existing
mobile users deployment, you can divide your mobile users license
between the users you want to secure with GlobalProtect and the
users you want to secure with an explicit proxy. Explicit
proxy uses your existing Mobile User license. Whether you have a
new deployment or if you upgrade, you can divide your mobile user
license between Mobile Users - GlobalProtect and Mobile Users -
Explicit Proxy. |
Cloud Directory Support for Directory Sync | To allow you to integrate your organization’s
cloud directory with Prisma Access, you can activate and use your Directory Sync instance
with Azure Active Directory. |
Support for Predefined URLs and URLs in EDLs in Traffic Steering | When you create rules for targets when you
configure traffic steering for service
connections, Prisma Access adds support for the following
capabilities:
|
Support for no-export and no-advertise BGP Communities | Prisma Access makes the following BGP community
changes:
|
Strata Logging Service Theater Support | Prisma Access supports the following Strata Logging Service regions:
|
Support for Asymmetric Routing for Service Connections | Prisma Access removes the requirements to
have a symmetric network path for the traffic returning from the
data center. Asymmetric flows are allowed through the Prisma Access backbone.
This removal allows you to configure ECMP or any other load balancing
mechanism for service connections from your CPE. This capability
is not enabled by default; to enable it, change the Backbone
Routing options in your service setup settings. |
DNS Enhancements for Mobile
Users and Remote Networks | Prisma Access offers the following enhancements
when you specify DNS settings for mobile users and remote networks:
|
WildFire Dashboard and AutoFocus Portal Integration | Prisma Access allows you to view pervasive
artifacts on the AutoFocus Dashboard and
view reports on the WildFire portal. |
TLS 1.3 Support for Mobile Users (GlobalProtect) and Remote Networks | Prisma Access supports Transport Layer Security
(TLS) 1.3 for mobile user (GlobalProtect) deployments and remote networks. TLS
1.3 is not supported on Explicit Proxy deployments. |
Route Aggregation Support for Remote Networks | You can advertise summary routes from data
centers and the remote networks chooses the closest service connection
as the next hop. |
Load Balancing Improvements for Summary Prefix Advertisements on Multiple Service Connections | Prisma Access has made improvements that
enhance load balancing for multiple service connections that you
have onboarded in different Prisma Access locations. For example,
if you have two service connections onboarded in the US West location
and two service connections onboarded in the US East location, Prisma Access
load balances the traffic for summary prefixes at each data center
to which the service connections are attached. This enhancement
effectively increases the available bandwidth for a data center
location that you have connected using multiple service connections
at different Prisma Access locations. |
Protect from Web-Based Threats with Remote Browser Isolation (RBI) | To support a larger range of use cases and
prevent malware, phishing, cryptomining, and other such threats,
Prisma Access can integrate with third-party RBI cloud vendors using URL response page redirect or traffic steering over the Prisma
Access Service connection to the RBI cloud. These integrations
help with isolating all active, untrusted web content from endpoints
that your users use to access business-critical internet services
and internal networks, and ensure that the corporate network remains
safe. See https://www.paloaltonetworks.com/partners/alliance for
our technology partners and solution briefs. |