Access Your Data Center Using Explicit Proxy

This is how you use Explicit Proxy to access resources in your data center.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
What Do I Need?
  • Prisma Access 5.1 Preferred
  • (For private and partner app access) GlobalProtect app version 6.2 for Windows or macOS
You can use service connections to access resources in your data center, such as external dynamic lists or private and partner apps, while still benefiting from an Explicit Proxy connection.
Make sure the private apps are not set as DIRECT in the PAC file.
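One way to check the PAC requirement above before rolling the file out, as an added example that is not Palo Alto Networks code. The proxy address, the hostnames, and the helper shims are constructed placeholders; substitute your own PAC function and private app list.

```javascript
// Added example: flag private apps that a PAC file would send DIRECT.
// The proxy address and all hostnames are constructed placeholders.
const PROXY = "PROXY explicit-proxy.example.invalid:8080";
const PRIVATE_APPS = ["wiki.corp.example", "edl.corp.example", "intranet"];

// Minimal shims for PAC helpers that a browser normally provides.
function isPlainHostName(host) {
  return !host.includes(".");
}
function dnsDomainIs(host, domain) {
  return host.toLowerCase().endsWith(domain.toLowerCase());
}

// Weak PAC: internal names bypass the proxy, so private apps go DIRECT.
function weakPac(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) {
    return "DIRECT";
  }
  return PROXY;
}

// Corrected PAC: only loopback stays DIRECT; everything else, including
// private apps, is sent to the Explicit Proxy.
function fixedPac(url, host) {
  if (host === "localhost" || host === "127.0.0.1") {
    return "DIRECT";
  }
  return PROXY;
}

// Return the private-app hosts for which the PAC result contains DIRECT.
// A trailing "; DIRECT" fallback is flagged too, because the client would
// bypass the proxy whenever the proxy is unreachable.
function directPrivateApps(pac, privateApps) {
  return privateApps.filter((host) => {
    const result = String(pac(`https://${host}/`, host));
    return result.split(";").some((entry) => entry.trim().toUpperCase() === "DIRECT");
  });
}

console.log("weak PAC sends DIRECT:", directPrivateApps(weakPac, PRIVATE_APPS));
console.log("fixed PAC sends DIRECT:", directPrivateApps(fixedPac, PRIVATE_APPS));
```

An empty result for every private app means the PAC file routes them through Explicit Proxy as required.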

Access Your Data Center Using Explicit Proxy (Strata Cloud Manager)

This is how you access your data center using Prisma Access Explicit Proxy in Strata Cloud Manager.
  1. Ensure that the DESTINATION Zones for internet-bound traffic is set to untrust instead of any.
    Failure to perform this step could result in unintended access to your data center.
    1. Select Manage > Configuration > NGFW and Prisma Access > Configuration Scope > Folders > Prisma Access > Mobile Users Container > Explicit Proxy > Security Services > Security Policy.
    2. Open a rule for internet-bound traffic.
    3. Ensure Zones under DESTINATION is set to untrust.
    4. Repeat for all of your internet-bound traffic rules.
  2. Enable private application access.
    1. Select Workflows > Prisma Access Setup > Explicit Proxy Infrastructure Settings > Enable Private App Access for Explicit Proxy.
  3. Create security policy rules for the data center resources you want to access.
    1. Select Manage > Configuration > NGFW and Prisma Access > Configuration Scope > Folders > Prisma Access > Mobile Users Container > Explicit Proxy > Security Services > Security Policy.
    In rules for data center access, ensure Zones under DESTINATION is set to trust.

Access Your Data Center Using Explicit Proxy (Panorama)

Access resources hosted in your data center using Prisma Access Explicit Proxy.
  1. Configure zone mappings.
    1. Select Panorama > Cloud Services > Configuration > Mobile Users - Explicit Proxy > Zone Mapping.
    2. Add the zones that you will use to access your data center resources to Trusted Zones.
  2. Ensure that the Destination ZONE in policy rules for internet-bound traffic is set to an untrust zone instead of any.
    Failure to perform this step could result in unintended access to your data center.
    1. Select Policies.
    2. Set the Device Group to Explicit_Proxy_Device_Group.
    3. Change the Destination ZONE from any to one of the untrust zones you configured in an earlier step.
  3. Enable private application access.
    1. Select Panorama > Cloud Services > Configuration > Mobile Users - Explicit Proxy > Settings > Advanced > Enable Private Application Access.
  4. Create security policy rules for the data center resources you want to access.
    1. Select Policies.
    2. Set the Device Group to Explicit_Proxy_Device_Group.
    3. Create security policy rules.
      In rules for data center access, ensure that you use the Trusted zones you configured in an earlier step.