Palo Alto Networks Prisma Access

  • Updated on Nov 5, 2024
  • Published on Feb 28, 2023
  • 2 minute(s) read
Prev Next

Prisma Access SASE from Palo Alto Networks converges network security, SD-WAN, and autonomous digital experience management in the cloud to provide a secure access service edge.

Note:

This adapter is not supported if your Palo Alto Networks Prisma Access product is being hosted/managed by the Palo Alto Panorama service.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Host Name or IP Address (required, default: https://api.sase.paloaltonetworks.com) - The hostname or IP address of the Palo Alto Networks Prisma Access server.

  2. Client ID and Client Secret (required) - Refer to Service Accounts for information of how to create a Service Account.

  3. Tenant Service Group ID (required) - Refer to Tenant Service Groups for information of how to obtain the Service Group ID.

  4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  6. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  7. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

PaloAltoPrimsAccess


Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Folder List (required, default: true) - The folder from which you want to fetch Users and Devices. Can be one or more of the following: Shared, Mobile Users, Remote Networks, Service Connections, Mobile Users Container, Mobile Users Explicit Proxy.
  2. Fetch Global Protect Users - Select this option to fetch Global Protect connected users.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


APIs

Axonius uses the following APIs:


Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

  • TCP port 443

Required Permissions

Service Account should be assigned at least the “auditor” role in order to fetch assets.

Supported From Version

Supported from Axonius version 4.8


Related articles