Prisma Access Mobile User Deployments
Learn about the different mobile user deployment types
in Prisma Access.
If you determine that your deployment would benefit by having
some users connect using GlobalProtect and some users connect using
an Explicit Proxy, Prisma Access allows you to distribute the users
in your GlobalProtect for Users license between Mobile Users—GlobalProtect
and Mobile Users—Explicit Proxy. However, users cannot connect using
GlobalProtect and an explicit proxy from the same endpoint.
Secure Mobile Users with GlobalProtect—If
your goal is to secure mobile users’ access to all applications,
ports, and protocols, and to get consistent security whether the
user is inside or outside your network, use Mobile Users—GlobalProtect.
The GlobalProtect infrastructure is deployed for you and scales
based on the number of active users and their locations. After you
complete the configuration, users then connect to the closest Prisma
Access gateway (location) you have onboarded for policy enforcement.
This enables you to enforce consistent security for your users even
in locations where you do not have a network infrastructure and
IT presence.
The GlobalProtect app installed on the users'
endpoint secures users traffic to internet, SaaS applications, your
internal and public cloud resources.
Secure Mobile Users with an Explicit Proxy—If
your organization has designed its network around an explicit proxy
design, the explicit proxy connect method will help you quickly
replace the existing method and move to the Prisma Access Secure
Access Service Edge (SASE) solution. You can then send internet
and external SaaS application traffic to the Prisma Access infrastructure
and enforce security in the cloud.
With an explicit proxy,
you configure a proxy URL and a Proxy Auto-Configuration (PAC) file.
The GlobalProtect app is not required to be installed on the users’ endpoints.