Call a Specialist Today! 844-294-0778

Palo Alto Networks Prisma Access (SASE)
Cloud access security for branch offices, retail locations and mobile users

Palo Alto Networks Prisma Access (SASE)

Sorry, this product is no longer available, please contact us for a replacement.

Click here to jump to more pricing!


Global expansion, mobile workforces, and cloud computing are changing the ways organizations implement and deploy applications. Get the protection you need, where you need it, with Prisma™ Access. Prisma Access delivers a secure access service edge (SASE) that provides globally distributed networking and security to all your users and applications.

Whether at branch offices or on the go, your users connect to Prisma Access to safely access cloud and data center applications as well as the internet.

What Makes Prisma Access Different?

Prisma Access is designed to prevent successful cyberattacks, and that’s why it does more than just secure the web. To stop cyberattacks, it’s necessary to inspect all traffic. Anything short of full inspection of all traffic introduces a significant gap in security.

Prisma Access consistently protects all traffic, on all ports and from all applications, enabling your organization to:

  • Prevent successful cyberattacks with proven security philosophies and threat intelligence for deep visibility and precise control that extends across your organization.
  • Fully inspect all application traffic bidirectionally—including SSL/TLS-encrypted traffic—on all ports, whether communicating with the internet, with the cloud, or between branches.
  • Benefit from comprehensive threat intelligence powered by automated threat data from Palo Alto Networks and hundreds of third-party feeds.

Network as a Service Layer

Prisma Access provides consistent, secure access to all applications—in the cloud, in your data center, or on the internet.

Table 1: Secure Application Access Everywhere
  Branch office HQ/ Regional HQ Public cloud Private cloud/data center SaaS Web Internet
Branch/Remote network
Mobile user

Networking for Remote Networks

  • Connect branch offices to Prisma Access over a standard IPsec VPN tunnel using common IPsec-compatible devices, such as your existing branch router, SD-WAN edge device, or a third-party firewall.
  • Use Border Gateway Protocol (BGP) or static routes for routing from the branch.
  • Use equal cost multi-path (ECMP) routing for faster performance and better redundancy across multiple links.

Networking for Mobile Users

  • Connect mobile users with the GlobalProtect app, which supports user-based always-on, pre-logon always-on, and on-demand connections.
  • Use an always-on full tunnel for optimal security. Prisma Access supports split tunneling based on access route, perapp VPN split tunneling, and split tunneling based on lowrisk/high-bandwidth applications, such as streaming video.

Bandwidth Management

  • Enable application whitelisting and blocking policies with App-ID™ technology to free up the network from unnecessary, bandwidth-hogging applications.
  • Prioritize and shape the traffic handled by Prisma Access using quality of service (QoS) policies.


  • Take advantage of automated, centralized, cloud-scalable log storage.
  • Centralize your management and reporting.
  • Forward logs to your syslog server and/or security information and event management (SIEM) system.

Security as a Service Layer

Firewall as a Service
Prisma Access provides firewall as a service (FWaaS) that protects branch offices from threats while also providing the security services expected from a next-generation firewall. The full spectrum of FWaaS includes threat prevention, URL filtering, sandboxing, and more.

DNS Security
Prisma Access delivers our DNS Security service, which provides a combination of predictive analytics, machine learning, and automation to combat threats in DNS traffic. Organizations can block known malicious domains, predict new malicious domains, and stop DNS tunneling.

Threat Prevention
Using Prisma Access for threat prevention combines the proven technologies in the Palo Alto Networks platform, together with global sources of threat intelligence and automation, to stop previously known or unknown attacks.

Cloud Secure Web Gateway
Prisma Access for secure web gateway (SWG) functionality is designed to maintain visibility into all types of traffic while stopping evasions that can mask threats. Our web filtering capabilities also drive our credential theft prevention technology, which can stop corporate credentials from being sent to previously unknown sites.

Data Loss Prevention
Prisma Access combines integration with data loss prevention (DLP) controls that are API-driven (through Prisma SaaS) as well as in-line (through Prisma Access). These DLP policies allow organizations to categorize data and establish policies that prevent data loss.

Cloud Access Security Broker
Prisma Access and Prisma SaaS implement security controls that combine in-line security API security and contextual controls, acting as a cloud access security broker (CASB) to determine access to sensitive information. These controls are implemented in an integrated manner and applied throughout all cloud application policies.


Prisma Access supports two management options:

  • Panorama™ network security management for centralized administration across Palo Alto Networks Next-Generation Firewalls and Prisma Access.
  • Cloud management through a web-based interface with preconfiguredprofiles and streamlined workflows,using the Prisma Access app in the hub.

Pricing Notes: