Remote-access Guide

citrix remote access prisma

by Hillard Nolan Published 2 years ago Updated 1 year ago

Remote entry, use the Source IP/Prefix that you configure on the Citrix side in a later task. The Local route of 0.0.0.0/0 means that all traffic (including internet traffic) from the Citrix SD-WAN that matches the remote subnet address (172.16.4.0/24 in this example) is protected by Prisma Access.

Full Answer

How do I connect to Prisma Access from a remote location?

To connect your remote network locations to the Prisma Access service, you can use the Palo Alto Networks next-generation firewall or a third-party, IPSec-compliant device including SD-WAN, which can establish an IPsec tunnel to the service. The Citrix SD-WAN solution already provided the ability to break out Internet traffic from the branch.

What remote access options does VA support?

VA supports remote access with two different applications: 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client. The Citrix Access Gateway is designed for users who do not have VA Government Furnished Equipment (GFE). CAG is a good option to allow users access to general applications such as email and chat.

What is Citrix Workspace App?

Citrix Workspace app is the easy-to-install client software that provides seamless, secure access to everything you need to get work done. With this free download, you easily and securely get instant access to all applications, desktops and data from any device, including smartphones, tablets, PCs and Macs.

What is Citrix secure private access?

Citrix Secure Private Access offers end-to-end adaptive security for web, SaaS and virtual apps, as part of a zero-trust approach to BYOD security. This solution allows IT to understand the state of the end user devices, without having to enroll them in a mobile device management (MDM) solution.


Supported Software Versions and Requirements

To use this Solution Guide, you need a knowledge of SD-WAN routing principles.

Supported IKE and IPSec Cryptographic Profiles

You onboard your SD-WAN edge devices using a remote network connection between the edge device at the branch site, HQ, or hub to Prisma Access.

SD-WAN Deployment Architectures Supported by Citrix

Citrix supports the following deployment architectures for use with Prisma Access. A dash (—) indicates that the deployment is not supported.

How to authenticate Citrix?

In many cases, you open an appropriate URL in your browser to authenticate to your Citrix digital workspace with all your applications, desktops and data. At times, you may need to configure your account by entering your email or a server address to authenticate with Workspace app to use applications and virtual desktops. You can ask your system administrator for the steps to follow in your situation.

What is Citrix Workspace?

Citrix Workspace app is the easy-to-install client software that provides seamless, secure access to everything you need to get work done.

Does Citrix Workspace require backend infrastructure?

Citrix Workspace app requires a backend infrastructure to be correctly configured before you start using it. We recommend that you contact your system administrator or IT help desk. They have the necessary setup information required to resolve your questions.

Does Citrix Workspace replace Citrix Receiver?

Citrix Workspace app will automatically replace many previous versions of Citrix Receiver and the Citrix online plug-ins; however, some versions must be removed manually before you can install Citrix Workspace app.

Why is remote access important?

An access control solution that employees and stakeholders can use safely will simplify operations and increase productivity. Ensure employees have seamless access to the applications and resources they need even when they move across devices, and improve efficiency with the flexibility to store and access data securely.

What is workspace security?

Workspace security refers to the application of tools and solutions to protect sensitive data, networks, and access in digital workspaces without disrupting the user experience.

What is contextual network security?

A contextual network security solution can provide zero-trust functionality while enabling BYOD policies. With an on-premises connector, you can have a single control channel to the company’s environment. Your employees can connect to business web apps without the need for a VPN, improving security and user experience.

Why do companies need to have secure access to data?

With the increase of hybrid workforces, both remote and in-house employees need easy and secure access to applications and data. Companies cannot risk their data over dispersed devices without a central security system.

Is remote work here to stay?

Remote Work Is Here to Stay. After the COVID-19 pandemic, workers did not return to the office as quickly as expected and many businesses began moving to flexible schedules. These transitions to a hybrid workforce resulted in an increased attack surface as employees began to access company resources from more locations and on more devices.

How to request remote access VA?

You may request remote access by visiting the Remote Access Self Service Portal (only available while on VA's internal network).

How to disable automatic server selection in VPN?

In the VPN tab of the setting screen, uncheck Enable automatic server selection. Close the settings.

Is PIV card reader site specific?

Today, the distribution of PIV card readers is site-specific. We are discussing the possibility of alternative distribution methods. If distribution processes or procedures change, we will provide updated instructions.

What is Prisma Access?

Prisma Access service for remote networks allows you to onboard remote network locations and deliver security for users. It removes the complexity in configuring and managing devices at every remote location. The service provides an efficient way to easily add new remote network locations and minimize the operational challenges with ensuring that users at these locations are always connected and secure, and it allows you to manage policy centrally from Panorama for consistent and streamlined security for your remote network locations.

How to deploy a Prisma Access site?

To deploy the sites, choose the PRISMA ACCESS network region and the SD-WAN site to be configured for the Prisma Access region, and then select the site WAN link, bandwidth, and application object for traffic selection.

What is a parent device group?

Parent Device Group — The Prisma Access service for remote networks requires you to specify a parent device group that includes your security policy, security profiles, and other policy objects (such as application groups and objects, and address groups), as well as authentication policy so that the Prisma Access service for remote networks can consistently enforce policy for traffic that is routed through the IPsec tunnel to the Prisma Access service for remote networks. You need to either define policy rules and objects on Panorama or use an existing device group to secure users in the remote network location.

How to redirect all internet traffic to Prisma Access?

You can choose to redirect all internet bound traffic to the PRISMA ACCESS service by selecting the All traffic option under the Application object selection.

What to do if you use an existing device group that references zones?

If you use an existing device group that references zones, make sure to add the corresponding template that defines the zones to the Remote_Network_Template_Stack.

Is Citrix SD-WAN reliable?

The Citrix SD-WAN solution already provided the ability to break out Internet traffic from the branch. This is critical to delivering a more reliable, low-latency user experience, while avoiding the introduction of an expensive security stack at each branch. Citrix SD-WAN and Palo Alto Networks now offer distributed enterprises a more reliable and secure way to connect users in branches to applications in the cloud.
