Features Introduced in Prisma Access 2.2 Preferred
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Features Introduced in Prisma Access 2.2 Preferred
This section lists the new features that are available
in Prisma Access 2.2 Preferred, along with upgrade information and
considerations if you are upgrading from a previous Prisma Access
version.
- Cloud Services Plugin 2.2 Preferred
- Upgrade Considerations for 2.2 Prisma Access Releases
- Minimum Required Software Versions
- New Features—Cloud Services Plugin 2.2 Preferred
To see the changes in default behavior after you upgrade to the
Cloud Services plugin 2.2 Preferred and Innovation, see Changes to Default Behavior.
Cloud Services Plugin 2.2 Preferred
Prisma Access 2.2 consists of a single Prisma Access
version and it uses the Cloud Services Plugin 2.2 Preferred.
There is no 2.2 Innovation version.
A dataplane upgrade is required to upgrade to 2.2 Preferred.
This upgrade is required whether you are currently running 2.1 Preferred,
2.1 Innovation, 2.0 Preferred, or 2.0 Innovation. 2.2 Preferred
runs on the PAN-OS version 10.0 dataplane.
Upgrade Considerations for 2.2 Prisma Access Releases
A dataplane and infrastructure
upgrade is required for all upgrades from an existing Panorama
Managed Prisma Access version to 2.2. Preferred. Your dataplane
will be upgraded to PAN-OS 10.0.
After you upgrade to the Cloud Services plugin 2.2 Preferred,
you receive all supported features in Prisma Access to date, including
all Innovation and Preferred features, along with the new features
introduced in 2.2 Preferred. If your 2.1 Innovation deployment uses Explicit Proxy for mobile
users, Palo Alto Networks will perform additional infrastructure upgrades as
a part of the dataplane upgrade. Palo Alto Networks will inform
you of these updates using email notifications in
the Prisma Access app.
For all upgrades, be sure that you have signed up for alerts in
the Prisma Access app. Palo Alto Networks will alert you 21 days
in advance for the scheduled date and available time windows for
the dataplane upgrade. If you are running a Prisma Access (Panorama
Managed) deployment, Palo Alto Networks will make the Cloud Services
plugin 2.2 available for you to download and install after
Palo Alto Networks upgrades your dataplane. While your existing
Cloud Services plugin may continue to work, it is recommended that
you install and upgrade your Cloud Services plugin to 2.2. For details
about the dataplane upgrade, see Upgrade Your Prisma Access Dataplane in
the Prisma Access Administrator’s
Guide (Panorama Managed).
Minimum Required Software Versions
For the minimum Panorama version that is supported with
2.2 Preferred, see Prisma Access and Panorama Version
Compatibility in the Palo Alto Networks Compatibility
Matrix.
Panorama 10.1 is only supported for 2.2 Preferred and the
2.1 Preferred and 2.1 Innovation plugin versions listed in the Minimum Required Panorama Software
Versions section in the Palo Alto Networks Compatibility
Matrix.
Any other future, unreleased PAN-OS releases will not be supported
for use with Prisma Access until further notice.
Prisma Access supports any GlobalProtect version that is not End-of-Life (EoL). A minimum GlobalProtect
version of 5.2.6 (5.2.8 recommended) is required to use Autonomous Digital Experience Management
(Autonomous DEM) and a minimum of GlobalProtect 5.2.5 is required for
GlobalProtect App Log Collection for
Troubleshooting.
New Features—Cloud Services Plugin 2.2 Preferred
The following table describes the new features that
will be available with Prisma Access 2.2 Preferred.
Feature | Description |
---|---|
IPv6 Support for Private App Access | Prisma Access will support private app access
over IPv6 for dual-stack mobile users and single and dual-stack
endpoints at branch offices. The feature will help if you are moving
to modern networks that leverage IPv6. Prisma Access will allow
you to specify IPv6 addresses in components such as the infrastructure subnet,
mobile user IP address pools, and BGP peers. Prisma Access will
still use public IPv4 IP addresses for the Mobile Users (GlobalProtect) VPN
tunnels and service connection and remote network connection IPSec
tunnels. |
FedRAMP Moderate Support | Panorama Managed Prisma Access has been
authorized for FedRAMP Moderate support. |
Support for WildFire Germany Cloud | Prisma Access supports the use of the WildFire
Germany Cloud (de.wildfire.paloaltonetworks.com), allowing you to
utilize the WildFire cloud-based threat analysis and prevention
engine, while ensuring that files submitted for analysis stay in
the country to address data location concerns. Note that
certain metadata connected to submitted samples, as described in
the WildFire Privacy Datasheet,
are shared with our other regional clouds. While submissions stay
within German borders, German customers still benefit from the global security
intelligence and updates based on the network effect of Palo Alto
Networks 42,000+ WildFire customers. Sensitive data and submissions
are restricted from leaving Germany when using the WildFire cloud
threat analysis service. Samples submitted to the WildFire Germany
cloud and the resulting malware analysis, signature generation and delivery
occur and remain within German borders. The following locations
will use WildFire Germany Cloud: Andorra, Austria, Bulgaria,
Croatia, Czech Republic, Egypt, Germany Central, Germany North,
Germany South, Greece, Hungary, Israel, Italy, Jordan, Kenya, Kuwait,
Liechtenstein, Luxembourg, Moldova, Monaco, Nigeria, Poland, Portugal,
Romania, Saudi Arabia, Slovakia, Slovenia, South Africa Central,
Spain Central, Spain East, Turkey, Ukraine, United Arab Emirates,
Uzbekistan |
SaaS Security Inline Support—Visibility | Prisma Access supports the use of SaaS Security Inline to automatically
discover and analyze users’ SaaS activity and data usage for Sanctioned
and Unsanctioned applications. Having full visibility into the SaaS
applications usage, you can reduce the security risks to your organization, like
data leakage, malware entry points, and non-compliance. SaaS
Security Inline is a security service that also offers advanced
risk scoring, analytics, and reporting. |
Support for Gzip Encoding in Clientless VPN | To allow Prisma Access Clientless VPN users
to access Gzip-compressed websites, Prisma Access adds support for
Gzip encoding to Clientless VPN deployments. |
Multi-Tenant support for Autonomous DEM (ADEM) | To enhance the application experience with multi-tenant deployments, Prisma
Access now provides flexibility to distribute and enforce ADEM Mobile
User license at each tenant. For details, see the technical documentation for Autonomous
DEM. |
DLP support for multi-tenant deployments | Prisma Access will allow you to use the same
DLP capabilities as that used in single-tenant deployments and on next-generation
firewalls by adding Enterprise DLP plugin support
to multi-tenant deployments. Use
the following guidelines when implementing Enterprise DLP with Prisma
Access in a multi-tenant deployment:
|
IoT Security Support for EU Region | To provide better worldwide coverage, Prisma
Access will add support for the IoT Security region in the EU. The
IoT Security EU region (Germany—Europe) maps to the following
Strata Logging Service locations:
|
If you have set up tunnel monitoring with static
routes, you can configure Prisma Access to withdraw the static routes
that are installed on service connections and remote network connections
when the IPSec tunnel goes down. You cannot apply this change
if tunnel monitoring is not enabled. This feature will be
automatically enabled for Cloud Managed Prisma Access deployments after
the 2.2 Preferred upgrade. | |
Explicit Proxy Enhancements | Prisma Access offers the following enhancements
for Prisma Access for Mobile Users:
|
Prisma Access Insights Updates | Prisma Access Insights will offer you the following
enhancements:
To
see what’s new in Prisma Access Insights, see What’s New in the Prisma Access Insights technical documentation. |