Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Implementing Palo Alto Networks Prisma® Access

You're reading from   Implementing Palo Alto Networks Prisma® Access Learn real-world network protection

Arrow left icon
Product type Paperback
Published in May 2024
Publisher Packt
ISBN-13 9781835081006
Length 346 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Tom Piens Aka 'Reaper' Tom Piens Aka 'Reaper'
Author Profile Icon Tom Piens Aka 'Reaper'
Tom Piens Aka 'Reaper'
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Part 1:Activate and Configure Prisma Access FREE CHAPTER
2. Chapter 1: Designing and Planning Prisma Access 3. Chapter 2: Activating Prisma Access 4. Chapter 3: Setting Up Service Infrastructure 5. Chapter 4: Deploying Service Connections 6. Part 2:Configure Mobile User and Remote Network Security Processing Nodes
7. Chapter 5: Configuring Remote Network SPNs 8. Chapter 6: Configuring Mobile User SPNs 9. Chapter 7: Securing Web Gateway 10. Chapter 8: Setting Up Your Security Policy 11. Part 3:Advanced Configuration and Best Practices
12. Chapter 9: User Identification and Cloud Identity Engine 13. Chapter 10: Advanced Configurations and Insights 14. Chapter 11: ZTNA Connector 15. Index 16. Other Books You May Enjoy

Considerations when using the SWG

While the explicit proxy SWG is an easy-to-deploy security enforcement solution, it does have some operational differences from MU-SPNs. Using the SWG will allow users and endpoints to connect from virtually anywhere via the TLS protocol, just like the MU-SPN. The connection uses TCP port 8080, where SAML authentication is used, or TCP port 8081, where Kerberos authentication is used. Consider that these ports need to be allowed from all locations that users are connecting from, and some networks may block these ports to prevent bypassing local security policies.

As you may have noticed in the previous paragraph, the SWG supports Kerberos and SAML authentication, whereas GlobalProtect can authenticate using many different protocols.

It is important to note that in contrast to its IPSec counterpart, GlobalProtect, the proxied method does not allow for network traffic other than HTTP/HTTPS and does not provide access to any other networks, resources...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image