How can you configure Prisma Access to provide the same level of access as the current VPN solution?

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution During onboarding the following options and licenses were selected and enabled

– Prisma Access for Remote Networks 300Mbps

– Prisma Access for Mobile Users 1500 Users

– Cortex Data Lake 2TB

– Trusted Zones trust

– Untrusted Zones untrust

– Parent Device Group shared

How can you configure Prisma Access to provide the same level of access as the current VPN solution?
A . Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
B. Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
C. Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
D. Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the internet

View Answer

Answer: A

Explanation:

To provide the same level of access as the current VPN solution, which is to secure only Internet egress for the connected clients, you can configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the Internet. This way, the mobile users will be assigned an IP address from a pool that belongs to the trust zone, and they will be able to access the Internet through Prisma Access using a gateway that belongs to the untrust zone1. You do not need to configure a service connection for this scenario, as a service connection is used to enable access between mobile users and

remote networks or private apps2. You also do not need to configure trust-to-trust Security policy rules, as they are used to enable access between mobile users and other trusted resources3.

References:

1: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/service-connection-overview/create-a-service-connection-to-enable-access-between-users-and-networks

2: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/prisma-access-service-connections

3: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/prisma-access-mobile-users/mobile-users-globalprotect/globalprotect-features-for-prisma-access.html