Skip to main content

Palo Alto Prisma SASE

Home > Security > SASE > Palo Alto Prisma SASE

WHat is SASE?

Palo Alto Prisma SASE Prisma SASE Quickstart

SASE with the Granular Controls of a Firewall

Prisma SASE (formerly Prisma Access) combines VPN and WAN connectivity technologies with security controls as a cloud service. A good way to look at these services are as the combination of a highly-available cloud VPN and cloud firewall service.

A SASE service connects your users to your on-premises datacenters and cloud datacenters as well as SaaS services and other internet resources and secures them with next generation security services such as stateful firewalling, IPS, malware file scanning, SSL Decryption, DLP and more. On top of this, SASE solutions can often reduce latency to SaaS and other services due to high speed backhaul services and direct connections to SaaS providers.

SASE Built Around Your Needs

Palo Alto Networks offers mandatory-attach Quick Start service products for Prisma SASE. While a quality product, it is limited only to the Palo Alto Prisma SASE solution in the network. Our product is an alternative, Palo Alto-authorized, replacement for the Palo Alto Networks product.

SEE HOW WE CAN HELP YOU

WHAT TO EXPECT

Palo Alto & 3rd Party Device Configuration

  • Configure your existing VPN devices for VPN service into the Prisma Access SASE Solution. Crossconnect-supported devices include Palo Alto Networks, Cisco Systems, Fortinet, Juniper, and Meraki.
  • Migration from the legacy WAN deployment will often involve changing routing to work during the phase-in period.
  • Crossconnect will ensure that current WAN and VPN solutions integrate with Prisma SASE during the phase-in.
  • Crossconnect will create or migrate up to twenty security rules, compared to the Palo Alto Quick Start, which only migrates ten rules. Additional rules may be purchased as indicated below.
  • The ability to add on additional features is available, providing greater flexibility than the Palo Alto Quick Start.

Offerings

Crossconnect offers comparable service products to configure Prisma SASE in the same manner that the Palo Alto Quick Start services will, however, also adding the above additional features.

Each includes the following base-level service:

  • Kickoff call and project plan
  • 20 Security Policy Configurations
  • As-Built Document
  • Knowledge Transfer
  • Configuration of customer-owned devices.
  • Configure infrastructure addressing, BGP ASNs, and general settings for Prisma SASE.
  • Configure Dynamic Routing Protocols for all VPNs, if supported.
  • Configure Palo Alto “Iron Skillet” best practice settings for IPS/Threat Prevention,
  • Wildfire, and Antivirus profiles on all security rules.
  • Technical Requirements Document / High Level Design
  • Configuring the Prisma Access Panorama Cloud Plug-in, log forwarding to one
  • external syslog server, and a user-to-group mapping from Cloud Identity Engine (CIE)
  • or LDAP

Additional Core Options

  • Configure and onboard two remote networks or two service
  • connections or one of each
  • Configure and onboard four ZTNA Connectors with up to ten
  • application targets in total
  • Up to four cutovers outside business hours of two hours each

SASE Site Connectivity

includes the following base-level service & choice of two core options

Learn More

SASE Mobile User

includes the following base-level service, one core option, & one mobile user deployment

Learn More

SASE Enterprise

includes the following base-level service, three core options, one mobile user, deployment

Learn More

Add Ons

Crossconnect has 3 offerings to adopt Prisma SASE in your environment. We have also included a rich a-la-carte menu that allows you to pick additional, optional features specific to your usecase.

Most features identified above can be adopted at different complexity levels, and some customers may need more deployment effort than others. As such, limitations apply, and will be identified based upon the initial scoping call and initial statement of work. Any features not called out above or offered in additional features below may require a custom scoping and are not included in this product.

A La Carte Menu

Global Protect Portal – Gateway Client App Configurations: $3,300
Configure up to five Global Protect Portal Agent configurations or Global Global Protect Gateway Agent Client configurations or a combination of both adding up to 5 total.

Global Protect Gateway Configuration: $3,300
Configure up to two Global Protect Gateways (Internal/External)

Captive Portal: $3,960
Configure Captive Portal for mobile users and or Remote Networks. Configure up to five authentication policy rules. Configure one authentication method.

Host Information Profile (HIP) Configuration: $3,300
Configure up to five HIP objects, configure up to five HIP Profiles, apply HIP Profiles to five security rules.

User ID Redistribution: $2,640
Configure up to five HIP objects, configure up to five HIP Profiles, apply HIP Profiles to five security rules.

User ID User Mapping: $3,960
Configure up to two User-ID Agents (Windows or PAN-OS) for user mapping to learn from either: up to 10 AD Domain Controllers.

SSL Decryption: Outbound Forward Proxy: $9,990
Configure up to two decryption profiles and five decryption rules. Pilot testing with up to 100 users. Limit of pilot testing is 20 hours.

Custom URL Filtering: $3,960
Configure up to three URL Filtering profiles and three custom URL Categories. Each category with a maximum of 20 URLs each.

Remote Browser Isolation: $5,280
Configure Prisma Access native RBI. Configure RBI Infrastructure settings. Configure three additional Isolation Profiles in addition to the default. Adjust up to three existing URL Filtering profiles and up to three categories with isolation action.

App-ID Conversion: $5,280
App-ID Conversion for up to twenty-five existing security rules.

Security Rules Creation: $5,280
Create up to twenty-five Layer 7 security rules optionally with User-ID, App-ID, and

Security Rules Migration: $5,280
Migrate up to 50 Security Rules with Security Profiles

Panorama Deployment: $3,960
Deploy one Prisma Access Panorama with basic configuration

Additional Knowledge Transfer: $1,980
Perform two knowledge transfer sessions up

Additional Pilot Mobile Users On-Boarding: $6,600
Assist in on-boarding an additional one hundred pilot mobile users

Autonomous DEM for Users or for Remote Networks: $7,260
Configure ADEM portal with up to ten application tests and assign them up to twenty users or ten sites or a combination of both.

SASE Integration – Branch Connectivity to Prisma Access for Internet Access Security: $8,910
Configure up to two decryption profiles and five decryption rules. Pilot testing with up to 100 users. Limit of pilot testing is 20 hours.