Strata Cloud Manager
Workflows: Prisma Access
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Workflows: Prisma Access
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Before you can use Prisma Access to secure your remote networks and mobile users, you
must configure an infrastructure subnet.
Prisma Access uses the subnet to create the network backbone for communication
between your branch networks, mobile users, and the Prisma Access security
infrastructure, as well as with the HQ and data center networks you plan to connect to
Prisma Access over service connections. If you use dynamic routing for your
remote networks or service connections, you must also configure an RFC 6696-compliant
BGP Private AS number.
Use the following recommendations and requirements when you add an infrastructure subnet
for Prisma Access.
- Use an RFC 1918-compliant subnet. While Prisma Access supports the use of non-RFC 1918-compliant (public) IP addresses, it's not recommended due to possible conflicts with the internet public IP address space.
- Don't specify any subnets that overlap with 169.254.169.253, 169.254.169.254, and the 100.64.0.0/10 subnet range because Prisma Access reserves those IP addresses and subnets for its internal use. This subnetwork is an extension to your existing network and therefore can't overlap with any IP subnets that you use within your corporate network or with the IP address pools that you assign for Prisma Access for Users or Prisma Access for Networks. Because the service infrastructure requires a large number of IP addresses, you must designate a /24 subnetwork (for example, 172.16.55.0/24).
- Enter an Infrastructure subnet that Prisma Access can use to enable communication between your remote network locations, mobile users, and the HQ or data centers that you plan on connecting to Prisma Access over service connections. Use an RFC 1918-compliant subnet for the infrastructure subnet.
See Prisma Access Setup for more information.
Set up the DNS for Infrastructure
Prisma Access allows you to specify Domain Name System (DNS) servers to resolve
both domains that are internal to your organization and external domains. Prisma Access proxies the DNS request based on the configuration of your DNS
servers.
Setting up the infrastructure DNS will provide access to services on your corporate
network—like LDAP and DNS servers— especially if you plan to set up service
connections to provide access to these type of resources at HQ or in data centers.
DNS queries for domains in the Internal Domain List are sent to your local DNS
servers to ensure that resources are available to Prisma Access remote network users
and mobile users.
This will set up internal domain lists that apply to all traffic. If preferred, you
can view the Admin Guide to see how to create internal domain lists that apply only
to specific mobile user deployments or remote network sites.
The benefits of setting up DNS for the infrastructure are:
- Enable Prisma Access to resolve your internal domains
- Set up DNS to resolve both internal and external domains
- Use a wildcard (*) before the domains in the domain list, for example, *.acme.local or *.acme.com
See DNS for Prisma Access for more
information.