Features Introduced in Prisma Access 1.7
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Features Introduced in Prisma Access 1.7
View the features that were introduced in Prisma Access
1.7.
The following table describes the new features introduced
in Prisma Access version 1.7.
Feature | Description |
---|---|
Continuously monitor the health and performance
of your Prisma Access environment with the new Insights app. Visually
scan and interact with a variety of Insights dashboards to get status
on your mobile users, remote network sites, service connections
to your HQ and data centers, and the Prisma Access cloud infrastructure. When
Insights detects an issue in your environment, the app generates
an alert that gives you context and lets you know where to take
action. Insights alerts also give you visibility into fixes that
the Prisma Access team is addressing. Insights is available
to you as part of a public beta for all Prisma Access
admins. | |
Prisma Access supports PAN-OS 9.1, and you can use
9.1 features with Prisma Access, including the following features:
You must upgrade
your Panorama to a version of 9.1.1 or later to take advantage of
PAN-OS 9.1 features. | |
If you want your mobile users to upgrade
to a GlobalProtect app version that is different than the one that
Prisma Access manages by default, you can request activation of
that version on the Prisma Access portal in Panorama. Previously,
Prisma Access hosted a single GlobalProtect app version on the Prisma
Access portal. Administrators control how and when mobile
users can upgrade to the newly-activated
GlobalProtect app version by configuring GlobalProtect app configuration
options in Panorama. | |
The ability to forward internet-directed traffic
through service connections for remote network and mobile
user deployments is enhanced and has a new name—Traffic Steering. Traffic
steering expands the scope of directing internet-bound traffic through
service connections. In addition to specifying FQDNs, IP addresses,
and URLs and forwarding only HTTP and HTTPS internet-bound traffic
through service connections, you can send all traffic or a subset
of the traffic based on the following additional criteria:
You
can then configure Prisma Access to split internet-bound remote
network or mobile user traffic into multiple service connections based
on the criteria you specified. Traffic steering is supported
for mobile user and remote network deployments. If
you are currently using traffic forwarding through service connections
and are using Panorama versions 9.0.6, 9.1.0, or 9.1.3 to manage
Prisma Access, you might need to make changes to your forwarding
rules after you upgrade the plugin to 1.7 or you could experience
failures during commit. | |
If you want to forward all internet-bound
mobile user traffic to one or more service connections as a part
of Traffic Steering, you can configure service connections so that
Prisma Access can receive default routes from your CPE. For example,
you could send internet-bound traffic through a service connection
directly to the headquarters or data center location using a default
route, where it is processed by a security stack before being sent
to the internet. You can combine a default route with other
traffic steering criteria to create multiple paths for internet-bound
traffic. | |
New Compute Region for South Africa West Location | To optimize performance and improve latency
for the South Africa West location, Prisma Access has created a
new compute region, South Africa, for the South Africa West location. If
you add the South Africa West location after the 1.7 plugin is released,
Prisma Access associates the new compute region automatically. If
you are an existing customer and want to take advantage of the new
compute region, delete the South Africa West location and commit and
push the configuration; then, re-add the South Africa West location and
commit and push the new configuration. Since the new compute region
will have new egress IP addresses for the South Africa West location,
Palo Alto Networks recommends that you schedule this change during
a maintenance window or during off-peak hours. |
You can implement IP tags with Dynamic Address Groups and
User tags with dynamic user groups with
Prisma Access (Panorama 9.1 required for dynamic user groups). You
can register tags using auto-tagging on the firewall. You can also register
IP tags or User tags using an XML API on Panorama or
on your on-premise firewall and redistribute them using User-ID agent redistribution. You can only register users using Local registration;
using the Panorama User-ID Agent or Remote
Device User-ID Agent to register users is not supported. | |
To let you follow the progress of a mobile
user, remote network, or service connection onboarding while it
is being deployed, Prisma Access adds a field in the PanoramaCloud ServicesStatusStatus page
called Deployment Status that provides you
with the details of the deployment. | |
The Cloud Services plugin provides the following
information about your Prisma Access deployment in Service Setup (PanoramaCloud ServicesConfigurationService Setup):
To
provide you with sufficient advance notice to upgrade, Prisma Access
will provide you with alerts related to plugin and Panorama version
upgrade requirements. For example, if your Panorama is running 9.0.x,
Prisma Access provides you with advance notice about Panorama 9.0
End-of-Support (EoS) information. | |
You can optionally provide contact information
(company and contact name, email address, and phone number) in Service
Setup so that Palo Alto Networks can provide you information regarding
Prisma Access service upgrades. This ability is helpful for system
administrators whose information is not available in the Customer
Support Portal (CSP) but who want to know the latest upgrade information. You
can also update or delete your contact information after you provide
it. | |
To reduce the number of mobile user IP subnet
advertisements over BGP to your customer premises equipment (CPE),
you can specify Prisma Access to summarize the subnets before it
advertises them. Select
route summarization when you configure service connections and remote networks. This
summarization can reduce the number of routes stored in CPE routing
tables. For example, you can use IP pool summarization with cloud
VPN gateways (Virtual Private Gateways (VGWs) or Transit Gateways
(TGWs)) that can accept a limited number of routes. | |
To support the use of Windows Internet Name
Service (WINS)-based applications, Prisma Access supports the use
of WINS to resolve NetBIOS name-to-IP address mapping. You can specify
primary and secondary WINS servers, either per Prisma Access region
or worldwide, for WINS support. Prisma Access can now push
WINS configuration to mobile users’ endpoints over GlobalProtect. |