Palo Alto Prisma SSE Connectivity as a Service
Feature Summary

The new service capability facilitates resilient connectivity from Nile Service Blocks to Palo Alto Prisma Access service PoPs for customer-selected segments. This enables customers to enhance their security posture and protect users, devices (IT/IoT/OT), and applications from internet-based threats. The connectivity as a service is fully automated with minimal configuration and eliminates the operational burden of setting up and maintaining the service connectivity. It also helps customers ensure uniform security policies across remote and on-premises users.

Enabling SSE Connectivity

Customers interested in forwarding Nile Service Block traffic to the Palo Alto Prisma Access service first configure their Prisma account credentials. This is necessary for enabling the NSB to fully automate the discovery of the Prisma Access PoPs, the provisioning of secure connectivity using IPsec, and the monitoring of the connectivity service, all without any further configuration. The connectivity service is designed with resiliency built in, ensuring automated service recovery in the event of a failure.

The first step is configuring the Prisma account credentials so a secure connection to the Prisma Access APIs can be established. This can be done by going to Global Settings > Integrations > Setup integration with third party solutions > SSE. Here you name the integration connector and identify Palo Alto Networks as the provider. Another window will appear where account credentials can be entered, as shown below.

Once the Palo Alto Prisma Access account credentials are added, a test of the API can be performed using the Test option, prior to saving the account configuration.

Once Prisma Access API access is configured, customers can configure security policies that selectively forward traffic from any network segment of the Nile Service Block directly to the Prisma Access service. This is accomplished by going to Global Settings > Access Engine > Create Rule > Create External Rule. From there, administrators can select any segment for which traffic should be forwarded to Prisma Access, select all internet-bound traffic, and then configure the forwarding behavior in the event that the Prisma Access service becomes unavailable. Finally, the administrator can specify whether this rule should be active or inactive. When activated, any flows originated from the identified segment(s) will be forwarded over the secured IPsec tunnel to the Prisma Access service. Resiliency in the connectivity as a service is automatically configured to automate recovery in the event of connectivity failure or service unavailability.

The below screenshot shows the creation of an external rule to forward the Nile segment's traffic to Prisma Access.

When completed, the forwarding rule shows up in the list of external rules and can be edited or deleted. The edit action will open up a screen where the rule can be updated, as well as an option to view the rule log. To view the rule log, select the View Rule Log option and a view of a filtered rule log will appear.