Guide
Securing Internet for Mobile Users by Using Tunnel Mode (Design Guide)
This guide outlines the architectural design for securing internet access for mobile users in Tunnel Mode, using GlobalProtect and Prisma Access. It focuses on routing all traffic, including internet-bound traffic, through a secure IPsec tunnel so that security policies are enforced consistently. Key components include Cloud Identity Engine (CIE), App-ID for application visibility, User-ID, URL Filtering, DNS Security, WildFire, and Advanced Threat Prevention. The design ensures user authentication, malware detection, and data loss prevention (DLP) for remote and hybrid workforces. Deployment considerations include IP pool management, geo-location filtering, certificate handling, and integration with SASE-native management tools.