The new service capability facilitates resilient connectivity from Nile Service Blocks to Palo Alto Prisma Access service PoPs for customer-selected segments. This enables customers to enhance security posture and protect users, devices (IT/IoT/OT), and applications from Internet-based threats. The connectivity-as-a-service is fully automated with minimal configuration and elmiinates the operational burden of setting up and maintaining the service connectivity. It also helps customers ensure uniform security policies across remote and on-premise users.

Customers interested in forwarding NIle Service Block traffic to Palo Alto Prisma Access sevice first configure their Prsima account credentails. This is necessary for enabling NSB to fully automate the discovery of the Prisma Access PoPs, provisioning of secure connectivity using IPsec, and monitoring of the connectivity service, all without any further configuration.  The connectivity service is designed with resiliency built-in, ensuring automated service recovery in the event of a failure.

The first step is configuring the Prisma account credentials so a secure connection to Prisma Access APIs can be established. This can be done by going to Global Settings -> Integrations -> Setup integration with thrid party solutions -> SSE. Here you name the integration connector and identify Palo Alto Networks as the Provider. Another window will appear where account credentials can be entered, as shown below.

Once the Palo Alto Prisma Access account credentials are added, a test of the API can be performed using the TEST option, prior to saving the account configuration.

Once Prisma Access API access is configured, customers can configure security policies that can selectively forward traffic from any network segment from the Nile Service Block directly to the Prisma Access service. This is accomplshed by going to Global Settings -> Access Engine -> Create Rule -> Create External Rule.  

From there, administrators can select any segment for which traffic should be forwarded to Prisma Access, select All Internet Bound Traffic, and then configure the forwarding behvaior in the event that the Prisma Access service becomes unavailable. 

Finally, the administrator can specify whether this rule should be Active or Inactive.  When activated, any flows orginated from the identified segment(s) will be forwarded over the secured IPsec tunnel to Prisma Access service.  Resiliency in the connectivity-as-a-service is automatically configured to automate recovery in the event of connectivity failure or service unavailability. 

The below screenshot shows the creation of an External Rule to forward the Nile Segment's traffic to Prisma Access.

When completed, the forwarding rule shows up in the list of External Rules and can be edited or deleted. The Edit action will open up a screen where the rule can be updated, as well as an option to View Rule Log.

To view the rules log, select the View Rule Log option and a view of a fitlered rule log will appear.

WIDS/WIPS

Palo Alto Prisma SSE Connectivity as a Service

Settings

save

test

specific

var_miha

new_var_2

new_mih_var

mih_var

testheight

available

testulet

testvar

This is a plain text that will be inserted in an expandable heading for using this raw as an exampl

altscenario

This is a plain text that will be inserted in an expandable heading for using this raw as an example

scenario

exemplu

variabila

Archbee

text

refresh_token

YourBank

MyBank

Zscaler SSE Connectivity-as-a-Service

Nile

Nile Access Service Docs

March 2025 Feature Update

December 2024 Feature Update

November 2024 Feature Updates

October 2024 Feature Updates

What is the Nile Access Service?

QoS within Nile Service Block

Nile's layer 3 only network: Transcending VLANS

Nile Access Service: Understanding Service Areas

Integrating Routers with the Nile Access Service

Passive Device Management and Handling (Wired)

Static IP management

Nile's Channel Planner - RF Optimization

Nile DHCP Integration

mDNS Handling in Nile's Layer 3 Network

Multicast on the Nile Access Service

Core Concepts

Nile Network Elements

Datasheets

Hardware and Scaling

Zero Trust Campus

Security

Migration Process and Strategies

Migration Topologies

Migration

Nile Service Block

Nile Guest Services Options

URL Filtering

Nile Guest Service

Nile Cloud DHCP

Nile Service Deployment Steps

RADIUS - Cisco Identity Service Engine (ISE)

Palo Alto Networks NGFW

Palo Alto Networks - XML API

Fortinet Fortigate FW

Velocloud SD-WAN

Nile Segments Mapping to FW Zones

Integrating Aruba Clearpass for Dynamic Segment Assigment

RADIUS - Aruba Clearpass

Microsoft NPS

Secure W2 Cloud RADIUS Integration

Azure Active Directory

Okta

LogicMonitor

Snowflake

Sumo Logic

Splunk SIEM

Version 1 - SIEM Event Schema

Nile SIEM Event Schema

Infoblox NIOS

Nile SLAs

Application Alerts

Client Device Alerts

Configure Nile Portal Alert notification emails

Customer Infrastructure Alerts

Nile Infrastructure Alerts

Nile Security Alerts

Nile Service Alerts

Configure Email Notifications

Integrating with Splunk Cloud

Splunk SIEM Integration

*New Nile Portal Alerts

View Devices and Device Details

Summary Dashboard Nile Portal Usage Metrics

Enhanced 911

Reports

Setup Service Areas

Setup DHCP

Setup Authentication

Setup Guest Portal

Setup Segments

Setup 802.1x SSID

Setup a PSK SSID

Setup Nile Captive Portal SSID

Setup a PSK SSO SSID

Setup Own Hosted Captive Portal SSID

Setup Wireless/SSID

Setup MAC Authentication

Configure Alerts

Nile Support Access

Allowed Domains

Setup Administrators

Transferring a root account

My Nile

Severity Based Notification Triggers

LED Status

Nile Device Inventory

Access Point Details

How to find serial numbers on Nile Service Block network elements

Access Switch/NSW1000 LED indicators

What do the colors of the Nile Access Point (AP) LED mean?

What is AQI (Air Quality Index) and how is it calculated?



What is AQI (Air Quality Index) and how is it calculated?

Configured device with Wireless 802.1X_ not able to connect

Clients not getting IP address

Can we block a wireless client via the dashboard?

How to access "my.nilesecure.com"

How to check the Wireless Clients location and Roaming information?

How to check Wireless Client Signal strength

Wireless Client connection history logs.

Wireless Intrusion Detection and Prevention in the Nile Access Service

Wireless Performance issue Troubleshooting

Wireless printer is not able to get an IP address but works fine with Wired connection