Prisma Access : What is Mobile User (MU) ?
A Mobile User (MU) is any endpoint user who connects to cloud-managed Prisma Access security services through GlobalProtect or an Explicit Proxy, with their traffic terminating on a Mobile User Security Processing Node (MU-SPN) managed by Palo Alto Networks.
Mobile users require reliable security to access data centers and cloud applications from any location, with connections automatically routed to the nearest Prisma Access Gateway for policy enforcement. The system is designed to scale dynamically in response to changes in demand and traffic patterns.
Access policies can leverage host information profiles (HIP), allowing for more detailed security controls based on device attributes like operating system, patch status, and the presence of mandatory endpoint software when accessing sensitive resources.
The GlobalProtect portal serves as the central management hub for the GlobalProtect infrastructure. It delivers configuration details to endpoints, such as information on accessible gateways and the GlobalProtect application software for both macOS and Windows devices.
MU-SPN (Mobile User Security Processing Node)
- Directing traffic from the user endpoint to cloud or data center resources
- Performing source IP address translation to ensure proper return traffic flow
- Automatically scaling to accommodate global fluctuations in demand
- Implementing security policies defined by the organization via Panorama or Strata Cloud Manager
Connection Methods
- Tunnel Mode: Encrypts traffic from all applications and protocols, ensuring consistent application of security measures such as malware protection, URL filtering, and device compliance checks (HIP) regardless of the user's location.
- Proxy Mode: Directs only web traffic through Prisma Access, ideal when a third-party VPN client manages access to private applications.
- Combined Mode: Uses tunnel mode for private applications and proxy mode for internet and SaaS traffic, improving latency and overall performance.