Use Explicit Proxy with GlobalProtect (or a Third-Party VPN)
Focus
Focus
Prisma Access

Use Explicit Proxy with GlobalProtect (or a Third-Party VPN)

Table of Contents

Use Explicit Proxy with GlobalProtect (or a Third-Party VPN)

See some examples of using GlobalProtect with Explicit Proxy in a mobile users deployment.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
You can combine Explicit Proxy with GlobalProtect or a third-party VPN:
  • Explicit Proxy and GlobalProtect
    • Use GlobalProtect in split tunnel mode to provide secure access to private apps only.
    • Use explicit proxy to secure public apps, including internet traffic and external SaaS applications.
  • Explicit Proxy and a Third-Party VPN
    If you are using a VPN client for access to data center and private applications, you can continue to use that client to secure access to private apps while you use Explicit Proxy and a PAC file to secure access to public apps. You can deploy Explicit Proxy in a location close to your mobile users, which eliminates the need to backhaul traffic to your data center for web security.
The following figure shows a deployment using a GlobalProtect gateway along with Explicit Proxy. GlobalProtect routes the traffic using the GlobalProtect client to the Palo Alto Networks next-generation firewall. To configure this deployment, you create a split tunnel configuration in GlobalProtect, allowing private apps to be secured with GlobalProtect and public apps to be secured with Explicit Proxy. When configuration is complete, mobile users connect to the private apps in your organization’s data center using GlobalProtect and connect to private internet-based apps using Explicit Proxy.
If you have a third-party VPN, you can use it to connect to private apps in the data center, while securing public apps using Explicit Proxy, as shown in the following figure.
Get started: