Changes to Default Behavior for Prisma Access 5.1
Focus
Focus
Prisma Access

Changes to Default Behavior for Prisma Access 5.1

Table of Contents

Changes to Default Behavior for Prisma Access 5.1

Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Minimum Required Prisma Access Version 5.1 Preferred or Innovation
The following table details the changes in default behavior for the Cloud Services plugin version 5.1 and 5.1.1.
ComponentChange
Set GlobalProtect App Version in Prisma Access Global SettingsStarting with Prisma Access 5.1.1, you must set the GlobalProtect App version in Prisma Access. If you do not set the GlobalProtect version, you will be prompted to upgrade the GlobalProtect version every time a new version is released.
To set the GlobalProtect version:
  • Prisma Access (Managed by Strata Cloud Manager) Deployments: From Strata Cloud Manager, go to WorkflowsPrisma Access SetupGlobalProtectGlobalProtect App, click the gear to edit the GlobalProtect App Settings, and select the GlobalProtect App Version.
  • Prisma Access (Managed by Panorama) Deployments: From Panorama, go to PanoramaCloud ServicesConfigurationService SetupGlobalProtect App Activation and make sure that you have selected an Active GlobalProtect App version and, if you haven't, Activate new GlobalProtect app version.
Remapped Prisma Access LocationsTo better optimize the performance of Prisma Access, the following locations have been remapped to the following compute locations:
  • The South Africa Central location is remapped to the South Africa Central compute location.
  • The Canada West location is remapped to the Calgary West (Calgary) compute location.
New deployments have the new remapping applied automatically. If you have an existing Prisma Access deployment that uses one of these locations and you want to take advantage of the remapped compute location, follow the procedure to add a new compute location to a deployed Prisma Access location.
Upgrade Considerations for the PAN-OS 11.2If you choose to have Palo Alto Networks upgrade your dataplane to PAN-OS 11.2, make sure that you're aware of the following changes and upgrade considerations before you schedule the upgrade:
FQDNs Substituted for Service IP Addresses for Service Connections and Remote Network Connections (Panorama Managed Deployments Only)For new Prisma Access (Managed by Panorama) deployments, when you onboard a new service connection or remote network connection, Prisma Access provides you with an FQDN instead of a Service IP Address as the peer IP address. If you need to use an IP address for the other side of the service connection or remote network connection instead of the FQDN, you can find the Service IP Address under PanoramaCloud ServicesConfigurationService SetupService OperationsServiceability CommandsService IP Address.
Troubleshooting Commands Renamed to Serviceability Commands (Panorama Managed Deployments Only)The Troubleshooting Commands area in Panorama Managed Prisma Access (PanoramaCloud ServicesConfigurationService SetupService OperationsTroubleshooting Commands) has been renamed to Serviceability Commands (PanoramaCloud ServicesConfigurationService SetupService OperationsServiceability Commands).
swg-known-auth-bypass User in Explicit Proxy DeploymentsFor the domains bypassed for authentication in Explicit Proxy, users will be tracked as swg-known-auth-bypass instead of unknown user, which was used previously. Ensure that security policy rules for those authentication bypassed domains allow swg-known-auth-bypass or pre-defined "Known-Users".
IP Address Consolidation for Deployments that Have Migrated to IP Optimization
If you have an existing Prisma Access that has had one or more regions migrated to IP Optimization and are using Prisma Access Allow listing, some IP addresses that you have allow listed have moved from the Allocated Egress IP addresses area to the Allocated Ingress IP addresses area in the Prisma Access UI. This change is a result of IP address consolidation as a part of the Prisma Access 5.2.1 infrastructure upgrade. Your networks can still reach these IP addresses and you no longer have to allow list them.