Implementing Palo Alto Networks Prisma® Access

Book description

Deploy Prisma Access for mobile users, remote networks, and service connections harnessing advanced features

Key Features

  • Find out how to activate, deploy, and configure Prisma Access
  • Configure mobile user and remote network security processing nodes
  • Understand user identification and the Cloud Identity Engine
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Discover how Palo Alto Networks' Prisma Access, a firewall as a service (FWaaS) platform, securely connects mobile users and branch offices to resources. This guide, written by renowned Palo Alto Networks expert Tom Piens, introduces cloud-delivered security and Prisma Access components. You’ll learn how Prisma Access fits into the security landscape and benefits organizations with remote networks and mobile workforces, and gain essential knowledge and practical skills in setting up secure connections, implementing firewall policies, utilizing threat prevention, and securing cloud applications and data. By the end, you'll be able to successfully implement and manage a secure cloud network using Prisma Access.

What you will learn

  • Configure and deploy the service infrastructure and understand its importance
  • Investigate the use cases of secure web gateway and how to deploy them
  • Gain an understanding of how BGP works inside and outside Prisma Access
  • Design and implement data center connections via service connections
  • Get to grips with BGP configuration, secure web gateway (explicit proxy), and APIs
  • Explore multi-tenancy and advanced configuration and how to monitor Prisma Access
  • Leverage user identification and integration with Active Directory and AAD via the Cloud Identity Engine

Who this book is for

This book is for network engineers, security engineers, security administrators, security operations specialists, security analysts, and anyone looking to integrate Prisma Access into their security landscape. Whether you're a newcomer to the field or a seasoned expert, this guide offers valuable insights for implementing and managing a secure cloud network effectively. Basic knowledge of Palo Alto will be helpful, but it’s not a prerequisite.

Table of contents

  1. Implementing Palo Alto Networks Prisma® Access
  2. Foreword
  3. Contributors
  4. About the author
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Conventions used
    5. Get in touch
    6. Share Your Thoughts
    7. Download a free PDF copy of this book
  7. Part 1: Activate and Configure Prisma Access
  8. Chapter 1: Designing and Planning Prisma Access
    1. Technical requirements
    2. Routing in Prisma Access
      1. Important concepts
      2. Cloud infrastructure
      3. The relationship between remote networks and service connections
      4. The relationship between MU-SPNs and service connections
    3. Planning the service infrastructure
    4. Planning remote networks
    5. Planning mobile user locations
    6. Summary
  9. Chapter 2: Activating Prisma Access
    1. Technical requirements
    2. Before you start
      1. Panorama-managed Prisma Access
      2. Cloud-managed Prisma Access
    3. Activating Prisma Access
    4. Summary
  10. Chapter 3: Setting Up Service Infrastructure
    1. Technical requirements
    2. Configuring service infrastructure via Strata Cloud Manager
    3. Configuring Panorama’s managed service infrastructure
      1. Settings
      2. Service Operations
    4. Summary
  11. Chapter 4: Deploying Service Connections
    1. Technical requirements
    2. What are service connections used for?
    3. Provisioning an SC-CAN in cloud-managed Prisma Access
      1. Primary tunnel
    4. Provisioning an SC-CAN in Panorama
    5. Summary
  12. Part 2: Configure Mobile User and Remote Network Security Processing Nodes
  13. Chapter 5: Configuring Remote Network SPNs
    1. Technical requirements
    2. Deploying RN-SPNs in Strata Cloud Manager
      1. Assigning bandwidth to a location
      2. Exploring advanced settings
      3. Configuring remote network tunnels
    3. Deploying RN-SPNs in Panorama
      1. Assigning bandwidth to a location
      2. Zone mapping
      3. Remote Network settings
      4. Configuring remote network tunnels
      5. Onboarding remote networks
    4. Summary
  14. Chapter 6: Configuring Mobile User SPNs
    1. Technical requirements
    2. Design considerations
      1. Gateway selection
      2. IP pools
      3. MU-SPN autoscaling
    3. Configuring MU-SPN in Strata Cloud Manager
      1. Infrastructure
    4. GlobalProtect app
      1. App Settings
      2. Tunnel Settings
    5. Configuring MU-SPNs in Panorama
      1. GlobalProtect portal configuration
      2. GlobalProtect gateway configuration
    6. Summary
  15. Chapter 7: Securing Web Gateway
    1. Technical requirements
    2. Considerations when using the SWG
    3. Configuring the explicit proxy
      1. SWG in Prisma Cloud Manager
      2. SWG in Panorama
    4. Proxy Auto Configuration (PAC) file and client configuration
    5. GlobalProtect in the proxy mode
    6. Summary
  16. Chapter 8: Setting Up Your Security Policy
    1. Technical requirements
    2. Why do we need security rules?
    3. Building security policies in Strata Cloud Manager
      1. Security rules
      2. Custom security profiles
      3. Decryption
      4. Objects
    4. Building security policies in Panorama
    5. Clientless VPN
    6. Summary
  17. Part 3: Advanced Configuration and Best Practices
  18. Chapter 9: User Identification and Cloud Identity Engine
    1. Technical requirements
    2. User identification and group mapping
    3. Cloud Identity Engine
      1. Setting up a directory sync in Azure
      2. Setting up a SCIM connector
      3. Adding CIE to Prisma Access
    4. User ID redistribution
      1. User ID collector in Strata Cloud Manager
      2. User ID collector in Panorama
      3. User ID agents on firewalls
    5. Summary
  19. Chapter 10: Advanced Configurations and Insights
    1. Licensing
    2. Cortex Data Lake
    3. Insights and ADEM
    4. Summary
  20. Chapter 11: ZTNA Connector
    1. Differences between the ZTNA connector and SC-CAN
    2. Preparing to deploy the ZTNA connector
    3. Setting up the ZTNA connector
    4. Setting up the connector VM
    5. Basic troubleshooting
    6. Summary
  21. Index
    1. Why subscribe?
  22. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Implementing Palo Alto Networks Prisma® Access
  • Author(s): Tom Piens Aka
  • Release date: May 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835081006