Prisma Access is cloud-native: it was built for and runs entirely in the cloud, delivered as a Security Service Edge (SSE) service.
The only hardware required to connect data center or branch locations to the service is an IPSec VPN compliant device, such as a Palo Alto NGFW or Prisma SD-WAN ION device. A wide range of third-party vendor integrations is supported. Mobile users connect via the GlobalProtect app installed on their device.
Prisma Access can be configured with multiple gateways, meaning there is always one close to the user.
Service Infrastructure
Service Connections - SC-CAN, enabled via NGFW or ZTNA Connector
Mobile Users: via GlobalProtect (GP) or Explicit Proxy - MU-SPN (gateway)
Remote Networks - RN-SPN, metered by bandwidth (BW)
ZTNA Connector: allows users to connect to private applications using an automated, secure tunnel
Strata Logging Service (SLS): required for all Prisma Access deployments
Strata Cloud Manager (preferred) or Panorama
ZTNA 2.0
The Prisma Access Cloud Portal holds the configuration for all the Prisma Access GlobalProtect clients.
Autonomous Digital Experience Management (ADEM) provides automatic diagnosis and resolution of connectivity issues, allowing users to continue working rather than submitting support tickets.
ADEM provides native, end-to-end visibility and insights for all user traffic in the Secure Access Service Edge (SASE) environment
ADEM functionality is natively integrated into the GlobalProtect app and Prisma Access
Add-ons:
Prisma SD-WAN
App Acceleration
Remote Browser Isolation
ADEM/AI-Powered ADEM
SaaS Security Inline
Enterprise DLP
NG-CASB Bundle
Internet of Things (IoT) Security
Net Interconnect: for RN-to-RN and MU-to-RN traffic
Prisma Access can be deployed in one of three ways:
- Mobile User (MU) (A Mobile User license is needed for every unique user over a period of 90 days.)
- Branch (A branch license provides 1 Mbps of bandwidth.)
- Mobile User & Branch (use it as either an MU license or a branch license)
Prisma Access Use Cases
VPN replacement
SWG replacement: provides immediate support for explicit proxy with no network changes required.
CASB replacement: provides advanced SaaS app visibility and control through our SaaS Security and Enterprise DLP subscriptions
Prisma Access Edition (License bundles)
Business
Business Premium
ZTNA(for Mobile User Only)
Enterprise
Prisma Access Location
Local edition
Worldwide edition
Prisma Access: Management
1. Cloud management with Strata Cloud Manager simplifies the onboarding process by providing predefined internet access and decryption policy rules based on best practices. Customers can quickly set up IPSec tunnels using defaults suitable for the most common IPSec-capable devices and turn on SSL decryption for recommended URL categories.
2. Use the Cloud Services plugin on Panorama to set up and manage Prisma Access
Technical Deployment Consideration
The process starts with defining the scope of the deployment, the number of service connections, remote networks and users, their physical locations and bandwidth requirements, followed by any add-on subscriptions that the customer wishes to purchase.
The first consideration a customer must make is their management console. If they have chosen to manage Prisma Access alongside existing NGFWs via Panorama, then they will require a plugin. If they have chosen Strata Cloud Manager, then they will need to activate their tenant via the portal.
Once the customer has verified their SLS instance and added an infrastructure subnet, automation tools will build the first Corporate Access Node. From there, mobile user portals and remote networks can be configured incrementally.
To ensure that a deployment is successful, a design review and validation must be performed by the Solution Assurance team for every new SASE opportunity, including expansions or license upgrades.
Each service connection delivers up to one Gbps bandwidth, which can be aggregated up to a maximum of five Gbps per data center.
Remote networks can also be licensed on an aggregated model, where multiple branches in the same compute location can share a bandwidth allocation.
Minimum allocation is 50 Mbps per branch, up to a maximum of one Gbps per remote network.
Prisma Access counts the number of unique users in a rolling 30-day period (previously 90-days).
The ZTNA Connector is licensed according to the number of private applications that are required to be accessible.
Every edition of Prisma Access provides up to 250 GB of data transfer per year, per unit purchased.
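The sizing rules above (service connections of up to 1 Gbps aggregated to at most 5 Gbps per data center, remote network allocations between 50 Mbps and 1 Gbps, branch licenses of 1 Mbps each, and Mobile User licenses counted as unique users in a rolling window) are the kind of thing a design review checks before an order is placed. The following Python is an added example written for these notes; it is not Palo Alto Networks code and does not call any Prisma Access API. The function names, the sample data and the return shapes are assumptions for illustration; the only figures it uses are the ones stated in the notes, and the rolling-window length is a parameter so both the 30-day and the older 90-day counting can be compared.

```python
"""Sizing helpers for a Prisma Access deployment.

Added example, not Palo Alto Networks code. It encodes only the figures
stated in the notes (1 Gbps per service connection, 5 Gbps per data
center, 50 Mbps to 1 Gbps per remote network, 1 Mbps per branch license
unit, unique users counted over a rolling window). Function names,
sample data and return shapes are assumptions for illustration.
"""
from __future__ import annotations

from datetime import date, timedelta

SC_MAX_MBPS = 1000          # up to 1 Gbps per service connection
DC_MAX_MBPS = 5000          # aggregate cap per data center
RN_MIN_MBPS = 50            # minimum allocation per branch
RN_MAX_MBPS = 1000          # maximum per remote network
BRANCH_LICENSE_MBPS = 1     # one branch license = 1 Mbps


def plan_service_connections(data_centers: dict[str, int]) -> dict[str, int]:
    """Number of service connections needed per data center.

    data_centers maps a data-center name to the Mbps it requires. A site
    that needs more than the per-data-center maximum is rejected.
    """
    plan = {}
    for name, mbps in data_centers.items():
        if mbps <= 0:
            raise ValueError(f"{name}: bandwidth must be positive")
        if mbps > DC_MAX_MBPS:
            raise ValueError(f"{name}: {mbps} Mbps exceeds {DC_MAX_MBPS} Mbps per data center")
        plan[name] = -(-mbps // SC_MAX_MBPS)   # ceiling division
    return plan


def remote_network_licenses(branches: dict[str, int]) -> dict:
    """Bandwidth allocation and branch-license units for remote networks.

    Each branch is raised to the 50 Mbps minimum; a branch asking for more
    than 1 Gbps is rejected. Returns the per-branch allocation, the total
    Mbps and the number of 1 Mbps branch license units that total needs.
    """
    allocations = {}
    for name, mbps in branches.items():
        if mbps > RN_MAX_MBPS:
            raise ValueError(f"{name}: {mbps} Mbps exceeds {RN_MAX_MBPS} Mbps per remote network")
        allocations[name] = max(mbps, RN_MIN_MBPS)
    total = sum(allocations.values())
    return {"allocations": allocations, "total_mbps": total,
            "license_units": total // BRANCH_LICENSE_MBPS}


def mobile_user_license_count(logins, as_of: date, window_days: int = 30) -> int:
    """Distinct users seen in the rolling window of window_days ending at as_of.

    logins is an iterable of (username, date) pairs. A user whose logins all
    fall outside the window does not consume a Mobile User license.
    """
    start = as_of - timedelta(days=window_days - 1)
    return len({user for user, day in logins if start <= day <= as_of})


# Constructed sample data so the module runs stand-alone.
SAMPLE_DCS = {"dc-east": 2500, "dc-west": 1000}
SAMPLE_BRANCHES = {"branch-a": 20, "branch-b": 200, "branch-c": 1000}
SAMPLE_AS_OF = date(2024, 3, 30)
SAMPLE_LOGINS = [
    ("alice", date(2024, 3, 1)),
    ("alice", date(2024, 3, 20)),
    ("bob", date(2024, 2, 1)),      # outside a 30-day window, inside a 90-day one
    ("carol", date(2024, 3, 30)),
]

if __name__ == "__main__":
    print(plan_service_connections(SAMPLE_DCS))          # {'dc-east': 3, 'dc-west': 1}
    print(remote_network_licenses(SAMPLE_BRANCHES))      # 1250 license units
    print(mobile_user_license_count(SAMPLE_LOGINS, SAMPLE_AS_OF))                  # 2
    print(mobile_user_license_count(SAMPLE_LOGINS, SAMPLE_AS_OF, window_days=90))  # 3
```

The service-connection planner rounds up, so a 2.5 Gbps data center needs three 1 Gbps connections; the remote-network helper shows why a 20 Mbps branch still consumes 50 license units; and the user count shows how a user last seen in early February drops off a 30-day count but still counts under the older 90-day rule.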
Cortex Data Lake is a scalable cloud-delivered service for secure storage of NGFW logs, regardless of the location or form factor, including PA-Series physical NGFWs, VM-Series virtual NGFWs, and Prisma Access. A Cortex Data Lake subscription is required for Prisma Access.
Customer Success
Standard Success
Premium Success
Cortex Data Lake is now called Strata Logging Service
Prisma Access Browser (PAB)
Prisma Access Browser provides a secure workspace on both managed and unmanaged devices for employees, contractors, and those using company-provided devices or BYOD. It uses Advanced URL Filtering, Advanced WildFire, and Enterprise Data Loss Prevention (DLP), leveraging artificial intelligence (AI) to detect and stop threats in real time from the application to the browser.