Haris Chughtai
Oct 2020
Palo Alto PRISMA Access
• Prisma Access is a globally distributed cloud service from Palo Alto Networks that scales automatically to provision remote employees and office locations with the capacity they need.
• Prisma comes with the same security features as PAN next-generation firewalls, without the need to deploy a completely new infrastructure. This lets companies maintain business continuity efficiently, as Prisma Access automatically scales up where extra capacity is required.
• Prisma is PAN’s Secure Access Service Edge (SASE) offering, providing secure connectivity to Remote Networks as well as Mobile Users.
• Cloud-based platform geographically dispersed across 100+ locations in 75+ countries across the globe (hosted in GCP).
• Prisma can be used for sites as well as for remote users to provide:
  • Security as a Service Layer
  • Network as a Service Layer
• Potential use cases include:
  • Site-to-Site Traffic
  • Remote_User-to-Site Traffic
  • Site & Remote to Internet Traffic
Prisma Access Features
MANAGEMENT
• License for Panorama required
• No license for Prisma Access Panorama plugin
• Prisma Access does not count against the Panorama device license
SECURITY INCLUDED
• URL Filtering
• Threat Prevention
• WildFire
• Host Information Profile
• DNS Security
SECURITY SUBSCRIPTION REQUIRED
• Cortex XDR for Logging
• Data Loss Prevention (DLP)
• Prisma SaaS
• AutoFocus
LICENSES
• Remote Network License
• Mobile Users License
Prisma Service Components
SC (Service Connection)
• Connects a central site such as a DC to Prisma Access using an IPSec tunnel to connect Management Servers
• As of Oct 2020, SC links are not rate-limited and are not counted towards Prisma subscribed BW
• An SC cannot originate a connection to the Internet
CAN (Corporate Access Node)
• A CAN is deployed with each SC and is used to route traffic to Prisma Access connected destinations
• A CAN does not enforce any security policy
SPN (Security Processing Node)
• SPNs are used to terminate VPN tunnels and to inspect and secure traffic from remote sites
• SPNs are automatically deployed when Remote Networks are on-boarded
• SPNs are based on a fault-tolerant, HA-based design within each location, which scales dynamically as needed
GW (Gateway Node)
• Gateway Security Processing Nodes are similar in functionality to SPNs, except that they provide security to Mobile Users
Typical Implementation Steps
• A Service Connection is on-boarded, which provisions a Corporate Access Node (CAN)
• Remote Networks (RN) are on-boarded, which provisions Security Processing Nodes (SPN) that scale dynamically
• Mobile users are on-boarded, which provisions one or more Gateway Security Processing Nodes (GW)
• Full mesh connectivity is established automatically for trusted & untrusted traffic flows:
  • Site-to-Site Traffic
  • Remote_User-to-Site Traffic
  • Site & Remote to Internet Traffic
• Logs are forwarded to the centralized Cortex Data Lake (CDL)
[Diagram labels: PRISMA ACCESS, DC, SC, CAN, SPN, GW, Mobile Users, INTERNET, CDL]
PRISMA RACI
[RACI chart: PRISMA / CUSTOMER]
Architecture Notes
• Prisma comes with the concept of a TENANT (customer) having multiple sites
• A tenant must subscribe to a PRISMA BW; the tenant's subscribed BW can be divided across its different sites
• Each site is limited to the BW allocated to it; a site's unused (idle) BW cannot be used by other sites
• Prisma BW is symmetric, i.e. 100MB on a site refers to 100MB up + 100MB down. If SSL decryption is used, then this is the BW of decrypted traffic that Prisma will send to the client site
• Prisma FW policies are applied at each Remote Network connection
• Separate subscriptions are required for Mobile users and Remote Networks
• Example: 200MB PRISMA Tenant BW divided into sites:
  • 1 HO: 100MB (100 up + 100 down)
  • 2 BRANCHES: 50 MB (50 up + 50 down) each
  • 1 DC (Service Connection): Currently SCs don’t count against PRISMA subscribed BW, but this is likely to be changed by PAN in future by introducing a separate SKU
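
The allocation rules in the Architecture Notes, worked through as an added Python example (not from the original deck or from Palo Alto Networks). The `Site` model, the `audit_plan` function and the peak-demand figures are constructed for illustration; only the 200/100/50/50 split and the Oct 2020 Service Connection exemption come from the slides.

```python
from dataclasses import dataclass

REMOTE_NETWORK = "remote_network"
SERVICE_CONNECTION = "service_connection"


@dataclass
class Site:
    name: str
    kind: str                # REMOTE_NETWORK or SERVICE_CONNECTION
    allocated_mb: int = 0    # symmetric: N means N up + N down (units as on the slides)
    peak_up_mb: int = 0      # constructed sample demand
    peak_down_mb: int = 0    # constructed sample demand


def audit_plan(subscribed_mb, sites):
    """Check a per-site split of the tenant's subscribed BW against the slide rules.

    - Only Remote Network sites count against the subscription; Service
      Connections are exempt (as of Oct 2020 per the slides).
    - A site is capped at its own allocation in each direction, and idle BW
      at other sites cannot be borrowed.
    """
    remote = [s for s in sites if s.kind == REMOTE_NETWORK]
    counted = sum(s.allocated_mb for s in remote)
    findings = []

    if counted > subscribed_mb:
        findings.append({"type": "OVER_ALLOCATED", "site": None, "direction": None,
                         "shortfall_mb": counted - subscribed_mb,
                         "idle_elsewhere_mb": 0})

    for site in remote:
        for direction, attr in (("up", "peak_up_mb"), ("down", "peak_down_mb")):
            peak = getattr(site, attr)
            if peak <= site.allocated_mb:
                continue
            # Headroom that exists at the other sites but is unusable here,
            # because allocations are not pooled.
            idle = sum(max(o.allocated_mb - getattr(o, attr), 0)
                       for o in remote if o is not site)
            findings.append({"type": "SITE_CAPPED", "site": site.name,
                             "direction": direction,
                             "shortfall_mb": peak - site.allocated_mb,
                             "idle_elsewhere_mb": idle})

    return {"counted_mb": counted,
            "unallocated_mb": subscribed_mb - counted,
            "findings": findings}


# The slide's example split; the peak figures are constructed.
SAMPLE_SITES = [
    Site("HO", REMOTE_NETWORK, 100, peak_up_mb=40, peak_down_mb=70),
    Site("Branch-1", REMOTE_NETWORK, 50, peak_up_mb=20, peak_down_mb=65),
    Site("Branch-2", REMOTE_NETWORK, 50, peak_up_mb=10, peak_down_mb=15),
    Site("DC", SERVICE_CONNECTION, 0, peak_up_mb=300, peak_down_mb=300),
]

if __name__ == "__main__":
    report = audit_plan(200, SAMPLE_SITES)
    print("counted against subscription:", report["counted_mb"])
    print("unallocated:", report["unallocated_mb"])
    for f in report["findings"]:
        print(f)
```

In the sample, tenant-wide downstream demand is 150 of the 200 subscribed, yet Branch-1 is still capped because the idle capacity sits at other sites.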

Demystifying Prisma Access
