Features Introduced in Prisma Access 2.0 Preferred
The following table describes the new features introduced
in Prisma Access version 2.0 Preferred.
Prisma Access supports GlobalProtect versions 5.1 and 5.2. For
a list of the Panorama software versions that are supported with
Prisma Access, see Minimum Required Panorama Software
Versions in the Palo Alto Networks Compatibility
Matrix.
Feature | Description |
---|---|
WildFire Canada Region Support | To allow you to adhere to data sovereignty
and residency laws as well as established data protection and privacy regulations,
Prisma Access will support the use of the WildFire Canada cloud
for Prisma Access (ca.wildfire.paloaltonetworks.com). Prisma
Access automatically assigns the WildFire Canada region for any
remote network connections or mobile user locations that are in
the Canada East and Canada Central locations. |
Additional Strata Logging Service Theaters | To allow better regional coverage for Strata
Logging Service, you can now select from the following additional Strata
Logging Service theaters:
|
GlobalProtect App Log Collection for Troubleshooting Support | If you have a Prisma Access for Users license,
you can quickly resolve mobile user connection, performance, and
access issues by having GlobalProtect users generate and send an
easy-to-read, comprehensive report from the end user's endpoint
to Strata Logging Service for further
analysis. For Prisma Access 2.0 Preferred, you are required
to use the CLI to set up a client certificate to be used between the GlobalProtect
app and Strata Logging Service. See Set Up GlobalProtect Connectivity
to Strata Logging Service for details. |
Cloud Directory Support for Directory Sync | To allow you to integrate your organization’s
cloud directory with Prisma Access, you can activate and use your Directory Sync instance
with Azure Active Directory. |
Support for Asymmetric Routing for Service Connections | Prisma Access removes the requirement to
have a symmetric network path for the traffic returning from the
data center. Asymmetric flows will be allowed through the Prisma Access
backbone. This removal allows you to configure ECMP or any other
load balancing mechanism for service connections to your CPE. This
capability is not enabled by default; to enable it, change the Backbone
Routing options in your service setup settings. |
(New if upgrading from the Cloud Services
plugin 1.7) You allocate bandwidth for remote networks at an aggregate level per compute
location. The aggregate bandwidth model is available
for all new Prisma Access deployments starting with the Cloud Services plugin
1.8 version and for existing deployments that have not had any remote
networks onboarded before the release of the 1.8 plugin on November
17, 2020. If you have a deployment using the Cloud Services
plugin 1.7 with remote networks onboarded and you then upgrade to the
Cloud Services Plugin 2.0 Preferred version, this model does not
apply and you still apply bandwidth per location.
If you upgrade to the Cloud Services Plugin 2.0 Innovation version,
you can choose to allocate bandwidth by location or by compute location. Secure inbound access for remote
network sites and Quality of Service (QoS) for
remote networks are not supported when you use the aggregate
bandwidth model for remote network bandwidth allocation. All
locations you onboard share the allocated bandwidth for that compute
location. For example, you need to onboard four branch offices using
remote networks in the Singapore, Thailand, and Vietnam locations.
All these locations map to the Asia Southeast compute location.
If you allocate 200 Mbps bandwidth to the Asia Southeast compute
location, Prisma Access divides the 200 Mbps of bandwidth between
the four branch offices you onboarded in that location. If you also
add a location in Hong Kong, Hong Kong maps to the Hong Kong compute
location, and you would need to add bandwidth to that compute location.
Specify a minimum bandwidth of 50 Mbps per compute location. If
one or more sites are not using a large amount of bandwidth, Prisma
Access makes the remaining bandwidth available to other sites in
that compute location. | |
(New if upgrading from the Cloud Services
plugin 1.7) Prisma Access introduces an enhancement to the API you use to retrieve
IP addresses that allows you to reserve gateway and portal IP addresses
for mobile user locations ahead of time, before you enable them.
This ability lets you add the mobile user egress IP addresses to
your organization’s allow lists before you onboard the locations,
which in turn gives mobile users access to external SaaS apps immediately
after you onboard the locations. The API response also includes
the public IP pool subnets that are the source for the egress IP
addresses for the requested locations. The gateway and portal addresses
of any locations you add will be a part of this subnet. Adding the
subnets to your allow lists provides for future location additions
without allow list modification and is beneficial if your organization’s
allow list size is limited. The IP addresses and subnets are
valid for 90 days after you retrieve them and expire after the validity
period if you do not use them. | |
(New if upgrading from the Cloud Services
plugin 1.7) Prisma Access offers the following enhancements
to traffic steering:
| |
(New if upgrading from the Cloud Services
plugin 1.7) Prisma Access increases its maximum fully-supported remote
network bandwidth from 300 Mbps to 500 Mbps, and 500 Mbps is now
supported with SSL decryption. | |
(New if upgrading from the Cloud Services
plugin 1.7) Prisma Access supports custom and scheduled reports from
the Panorama that manages Prisma Access. The ability to run
custom and scheduled reports requires a minimum Panorama version
of 10.0.2. | |
(New if upgrading from the Cloud Services
plugin 1.7) To optimize performance and improve latency, Prisma Access
adds a new compute location in Japan and also changes the mapping
of the following locations:
If
you add the locations after your organization installs the Cloud
Services 2.0 plugin Preferred or Innovation, Prisma Access associates
the new compute locations automatically. If you are upgrading
from the Cloud Services plugin 2.0 Preferred or Innovation and you
have already onboarded these locations, complete the following steps
to take advantage of the new compute location: To
reduce downtime for mobile user deployments, you can use the new
API to pre-allocate the new gateway and portal IP addresses before
you perform these steps.
Since you need to allow time to delete
and add the existing location and change your allow lists, Palo
Alto Networks recommends that you schedule a compute location change during
a maintenance window or during off-peak hours. | |
(New if upgrading from the Cloud Services
plugin 1.7) Prisma Access will offer the following enhancements to
assist you when sharing public address space externally and internally
with private apps:
| |
WildFire UK Cloud Support | (New if upgrading from the Cloud Services
plugin 1.7) Prisma Access supports the use of the WildFire
UK cloud for Prisma Access (uk.wildfire.paloaltonetworks.com),
which is designed to adhere to data sovereignty and residency laws
as well as established data protection and privacy regulations. |
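
The following is an added example, not Palo Alto Networks code, for the IP address reservation row in the table above: it checks that every reserved gateway and portal address is matched by your allow list, confirms the addresses fall inside the public IP pool subnets, and tracks the 90-day validity window. The record layout, field names, location names and addresses are constructed for illustration and do not reproduce the real API response schema.

```python
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

VALIDITY_DAYS = 90  # reservations expire 90 days after retrieval if unused

# Constructed sample data (documentation address ranges); the field names are
# hypothetical and are not the real API response schema.
RESERVATION = {
    "retrieved": date(2021, 1, 10),
    "locations": {
        "Location A": ["198.51.100.10", "198.51.100.11"],
        "Location B": ["203.0.113.20", "203.0.113.21"],
    },
    "pool_subnets": ["198.51.100.0/24", "203.0.113.0/24"],
}
ALLOW_LIST = ["198.51.100.10/32", "198.51.100.11/32", "203.0.113.20/32"]


def uncovered_addresses(reservation, allow_list):
    """Return (location, ip) pairs that no allow-list entry matches."""
    nets = [ip_network(entry) for entry in allow_list]
    missing = []
    for location, addrs in reservation["locations"].items():
        for addr in addrs:
            if not any(ip_address(addr) in net for net in nets):
                missing.append((location, addr))
    return missing


def stray_addresses(reservation):
    """Return reserved IPs that fall outside the advertised pool subnets."""
    pools = [ip_network(s) for s in reservation["pool_subnets"]]
    return [a for addrs in reservation["locations"].values() for a in addrs
            if not any(ip_address(a) in p for p in pools)]


def days_until_expiry(reservation, today):
    """Days left before an unused reservation lapses (negative if expired)."""
    expires = reservation["retrieved"] + timedelta(days=VALIDITY_DAYS)
    return (expires - today).days


def subnet_allow_list(reservation):
    """Allow list built from pool subnets: fewer entries, covers later additions."""
    return sorted(str(ip_network(s)) for s in reservation["pool_subnets"])


if __name__ == "__main__":
    print("missing:", uncovered_addresses(RESERVATION, ALLOW_LIST))
    print("days left:", days_until_expiry(RESERVATION, date(2021, 3, 1)))
```

Running the coverage check before onboarding shows which reserved addresses would be blocked by the current allow list; switching to the subnet-based list closes that gap with fewer entries.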