Features Introduced in Prisma Access 1.3.0
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Features Introduced in Prisma Access 1.3.0
The following table describes the new features introduced
in the Cloud Services plugin version 1.3.0. For additional information
on how to use the new features in this release, refer to the Prisma Access Administrator’s
Guide (Panorama Managed).
Upgrading to 1.3 causes changes to device groups.
Feature | Description |
---|---|
Quality of Service (QoS) Support | You can now enable QoS in Prisma Access to
mark and shape QoS traffic. Prisma Access delivers the same QoS
marking and shaping features available today in Palo Alto Networks next-generation
firewalls.
|
Support for Additional Service Connections | You can now configure up to 100 service connections
in Prisma Access. Previously, a maximum of three service connections
were allowed and you had to use remote network connections for additional
connections to an HQ or data center site, which limited throughput
to the configured bandwidth of the remote connection. You
can configure up to three service connections with no license cost;
however, each additional connection uses 300 Mbps of the remote
network bandwidth allocation from your Prisma Access license. The
license cost for additional service connections does not change
their functionality. Prisma Access does not limit the bandwidth
over service connections, and additional service connections work
the same as other service connections. |
Additional Bandwidth Choices for Remote
Networks | In addition to the existing remote network bandwidth
choices of 2 Mbps, 5 Mbps, 10 Mbps, 25 Mbps, 50 Mbps, 100 Mbps,
or 300 Mbps, you can now select 20 or 150 Mbps, to better match commonly-used
ISP speeds. |
Expanded Visibility for Mobile Users | You now have expanded visibility for mobile
users, including their client OS, their last login time, and their
public IP addresses. You can view a list of currently logged in
users or view historical information of previously-logged in users
for a 90-day time period. To view User ID information, select PanoramaCloud ServicesStatusStatus;
then click either Current Users or Users
(Last 90 days) in the Mobile Users area. |
Multiple Prisma Access Instances On a
Single Panorama Appliance (Multi-Tenancy) | You can now host and manage multiple instances
of Prisma Access (known as tenants) on a single Panorama appliance.
With multi-tenancy, each single Panorama appliance supports up to
100 tenants, each with their own templates and template stacks, device groups, and access domains.
This enables you to create tenant-level administrative users who
can view and edit the configuration for a single tenant. You
allocate remote network and mobile user license resources for each
tenant based on the license that is associated with the Cloud Services
plugin in Panorama. The minimum license allocation for each tenant
is 500 Mbps for remote networks and 500 mobile users. You can also
configure a tenant with only remote networks (minimum 500 Mbps)
or mobile users (minimum 500 mobile users). Since this
feature is supported starting with PAN-OS version 8.1.6, you must
use the Cloud Services plugin with a Panorama appliance running
a minimum version of 8.1.6. |
GlobalProtect App Generate Ticket Option | Panorama now allows GlobalProtect administrators
and Help Desk support personnel to generate a ticket that end users
must supply to disable the GlobalProtect app
for Windows or for Mac. Since
this enhancement is supported starting with PAN-OS version 8.1.6, you
must use the Cloud Services plugin with a Panorama appliance running
a minimum version of 8.1.6. |
Persistent Public IP Addresses for Mobile
User Gateways | This feature is applicable if you are adding Prisma
Access public IP addresses to an allow list in your network to control
access for SaaS or public applications. With this release,
Prisma Access now assigns two new sets of public IP addresses for
mobile user gateways:
These new IP addresses will persist
across future upgrades. Prisma Access provides each customer
with their own unique set of IP addresses. While the currently assigned
IP address will change after you upgrade, this change does not affect
mobile users' ability to connect to Prisma Access. Public
IP addresses for remote networks will not change after you upgrade,
and you do not have to reconfigure your IPSec tunnels. You
can retrieve these new addresses by retrieving your API key and
entering a curl command in the following format:
Where Current-API-Key is
the Prisma Access API key. For example, given an API key of 123abc,
use the following curl command to retrieve the public IP address:
If
you have a large number of mobile users from a single region, the
reserved IP addresses might be insufficient to scale; in this case,
Prisma Access adds more public IP addresses to the allocated IP
sets and you will have to retrieve those new IP addresses to add
to your allow lists. These extra sets of IP addresses also persist
after an upgrade. Continue to use the curl command to get notified
when additional sets of IPs are added to the reserved pool. |
PAN-OS 8.1 Support | The Prisma Access infrastructure is upgraded
to PAN-OS version 8.1. You can now implement PAN-OS 8.1 features
in Prisma Access, including but not limited to the following features:
Upgrading the infrastructure
to 8.1 causes changes to default behavior; for more information,
see the following documentation:
|