Client-based VPN solutions like GlobalProtect provide full coverage for the mobile workforce by extending the enterprise security stack to remote endpoints. It establishes a secure tunnel, allowing consistent security policies across the enterprise perimeter and the mobile workforce.

“GlobalProtect is a client-based VPN that provides secure, consistent protection for mobile users by extending the security capabilities of Prisma Access to remote endpoints, covering all network protocols.”

(Source: GlobalProtect Admin Guide)

To create custom Prisma Access reports within SCM , you first configure a dashboard that aggregates the relevant logs and analytics. This allows you to define the data points you want to include.

“Dashboards in SCM can be customized to include Prisma Access data sources, enabling you to create and generate reports that meet specific business and security requirements.”

(Source: SCM Dashboards and Reporting)

Once configured, you can export the dashboard as a custom report .

“Use the dashboard’s data visualization to create custom reports for Prisma Access, which can be exported as PDFs for distribution.”

(Source: SCM Report Customization)

Cloud NGFW Security Policies in the AWS Console are evaluated in the exact creation order – they do not have explicit rule priority fields.

“In AWS, security rules are evaluated in the order they are created. To ensure the correct evaluation logic, create them in the desired order from top to bottom.”

(Source: Cloud NGFW for AWS Policy Evaluation)

Unlike Panorama, AWS-native management of Cloud NGFWs uses creation order as the evaluation sequence.

To fully leverage inline cloud analysis in Advanced Threat Prevention, security profiles (e.g., anti-spyware) must be updated or newly created to enable local deep learning and inline cloud analysis models.

“To activate inline cloud analysis, update your Anti-Spyware profile to enable advanced inline detection engines, including deep learning-based models and cloud-delivered signatures.”

(Source: Inline Cloud Analysis and Deep Learning)

This ensures real-time protection from sophisticated threats beyond static signatures.

When using AWS centralized deployments for Cloud NGFW, the service deploys NGFW instances into selected VPCs as additional workloads to secure that traffic.

“In centralized deployments, Cloud NGFW instances are deployed as security appliances within the selected VPCs, ensuring consistent traffic inspection and protection.”

(Source: Cloud NGFW Deployment Models)

This approach minimizes complexity and ensures direct security policy enforcement within AWS.

The best practice for Prisma Access data plane upgrades involves backing up configurations, scheduling upgrades during off-peak hours, and using a phased approach to minimize disruption and maintain continuity. As per the Palo Alto Networks documentation:

“To minimize disruptions, it is recommended to perform Prisma Access upgrades during non-business hours and in a phased manner, starting with less critical sites to validate the process before moving to critical locations. Backup configurations and validate the system’s readiness to avoid data loss and maintain service continuity.”

(Source: Prisma Access Best Practices)

Panorama allows engineers to create custom reports and generate PDF summary formats for consistent reporting across NGFWs.

Custom Reports

“Custom Reports provide tailored reporting based on URL categories, application usage, and threat visibility. They are generated within Panorama and can include data on newly categorized AI URL types.”

(Source: Panorama Reports)

PDF Summaries

“You can generate PDF summary reports to distribute these insights across branch firewalls, providing an easy-to-read format for compliance and operational review.”

(Source: Export Reports as PDF)

Together, these options provide a consistent, standardized method to push insights about AI-based URL categories to branch devices.

Virtual systems provide logical separation in a single physical firewall, allowing different customers (or tenants) to have isolated control and security policies .

“Virtual systems enable service providers to offer logically separated, independent environments on a single firewall. Each virtual system can have its own security policies, interfaces, and administrators.”

(Source: Virtual Systems)

This ensures secure, tenant-specific segmentation within multi-tenant environments.

To prevent SYN flood attacks , the NGFW uses SYN cookies to validate legitimate session establishment.

“SYN cookies allow the firewall to verify the legitimacy of new session requests without allocating resources until the handshake is completed. This prevents SYN flood attacks from exhausting system resources.”

(Source: Flood Protection Best Practices)

SYN cookies mitigate resource exhaustion by ensuring only legitimate connections are established.

An ALG is designed to inspect and modify the payload of application-layer protocols (like SIP, FTP, etc.) to manage dynamic port allocations and session information.

“Application Layer Gateways (ALGs) inspect the payload of certain protocols to dynamically manage sessions that use dynamic port assignments. By modifying payloads, the ALG ensures that NAT and security policies are correctly applied.”

(Source: ALG Support)