Changes to Default Behavior for Prisma Access 5.1

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

New Features in Prisma Access 5.1 and 5.1.1

Prisma Access Known Issues

Changes to Default Behavior for `Prisma Access` 5.1

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama)	`Prisma Access` license Minimum Required Prisma Access Version 5.1 Preferred or Innovation

The following table details the changes in default behavior for the Cloud Services plugin version 5.1 and 5.1.1.

Component	Change
Set GlobalProtect App Version in `Prisma Access` Global Settings	Starting with `Prisma Access` 5.1.1, you must set the GlobalProtect App version in Prisma Access. If you do not set the GlobalProtect version, you will be prompted to upgrade the GlobalProtect version every time a new version is released. To set the GlobalProtect version: `Prisma Access (Managed by Strata Cloud Manager)` Deployments: From `Strata Cloud Manager`, go to Workflows`Prisma Access` SetupGlobalProtectGlobalProtect App, click the gear to edit the GlobalProtect App Settings, and select the GlobalProtect App Version. `Prisma Access (Managed by Panorama)` Deployments: From Panorama, go to PanoramaCloud ServicesConfigurationService SetupGlobalProtect App Activation and make sure that you have selected an Active GlobalProtect App version and, if you haven't, Activate new GlobalProtect app version.
Remapped Prisma Access Locations	To better optimize the performance of `Prisma Access`, the following locations have been remapped to the following compute locations: The South Africa Central location is remapped to the South Africa Central compute location. The Canada West location is remapped to the Calgary West (Calgary) compute location. New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.
Upgrade Considerations for the PAN-OS 11.2	If you choose to have Palo Alto Networks upgrade your dataplane to PAN-OS 11.2, make sure that you're aware of the following changes and upgrade considerations before you schedule the upgrade: PAN-OS 11.2: Changes to Default Behavior Upgrade/Downgrade Considerations Addressed Issues for PAN-OS 11.2 PAN-OS 11.1: Changes to Default Behavior Upgrade/Downgrade Considerations Addressed Issues for PAN-OS 11.1 PAN-OS 11.0: Changes to Default Behavior Upgrade/Downgrade Considerations Addressed Issues for PAN-OS 11.0
FQDNs Substituted for Service IP Addresses for Service Connections and Remote Network Connections (Panorama Managed Deployments Only)	For new Prisma Access (Managed by Panorama) deployments, when you onboard a new service connection or remote network connection, Prisma Access provides you with an FQDN instead of a Service IP Address as the peer IP address. If you need to use an IP address for the other side of the service connection or remote network connection instead of the FQDN, you can find the Service IP Address under PanoramaCloud ServicesConfigurationService SetupService OperationsServiceability CommandsService IP Address.
Troubleshooting Commands Renamed to Serviceability Commands (Panorama Managed Deployments Only)	The Troubleshooting Commands area in Panorama Managed Prisma Access (PanoramaCloud ServicesConfigurationService SetupService OperationsTroubleshooting Commands) has been renamed to Serviceability Commands (PanoramaCloud ServicesConfigurationService SetupService OperationsServiceability Commands).
swg-known-auth-bypass User in Explicit Proxy Deployments	For the domains bypassed for authentication in Explicit Proxy, users will be tracked as swg-known-auth-bypass instead of unknown user, which was used previously. Ensure that security policy rules for those authentication bypassed domains allow swg-known-auth-bypass or pre-defined "Known-Users".
IP Address Consolidation for Deployments that Have Migrated to IP Optimization	If you have an existing Prisma Access that has had one or more regions migrated to IP Optimization and are using Prisma Access Allow listing, some IP addresses that you have allow listed have moved from the Allocated Egress IP addresses area to the Allocated Ingress IP addresses area in the `Prisma Access` UI. This change is a result of IP address consolidation as a part of the Prisma Access 5.2.1 infrastructure upgrade. Your networks can still reach these IP addresses and you no longer have to allow list them.