https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-enabling-always-on/m-p/1226204#M6670 <P>Hi Team , I am planning to implement&nbsp;Always on Global protect client 6.0 , so would like to know the best practices in implementations and how can i plan the implementation phase ?&nbsp;</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR data-start="2447" data-end="2630"> <TD class="" data-start="2447" data-end="2482"><STRONG data-start="2449" data-end="2475">User-logon (Always On)</STRONG></TD> <TD class="" data-start="2482" data-end="2560">Most standard corporate users</TD> <TD class="min-w-[calc(var(--thread-content-max-width)/3)]" data-start="2560" data-end="2630">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE> <TBODY> <TR data-start="2631" data-end="2813"> <TD class="" data-start="2631" data-end="2666"><STRONG data-start="2633" data-end="2658">Pre-logon (Always On)</STRONG></TD> <TD class="min-w-[calc(var(--thread-content-max-width)/3)]" data-start="2666" data-end="2744">Domain-joined laptops needing remote AD login, GPOs, scripts</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Is it advisable to configure internal gateway for the internal users , now the current setup is&nbsp; internal host detection &gt;&gt; No tunnel.</P> <P>Please share best practices in Agent App for always on .</P> <P>&nbsp;</P> <P>Thanks KK&nbsp; &nbsp;</P> Thu, 10 Apr 2025 11:07:03 GMT k.pillai 2025-04-10T11:07:03Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-enabling-always-on/m-p/1226204#M6670 <P>Hi Team , I am planning to implement&nbsp;Always on Global protect client 6.0 , so would like to know the best practices in implementations and how can i plan the implementation phase ?&nbsp;</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR data-start="2447" data-end="2630"> <TD class="" data-start="2447" data-end="2482"><STRONG data-start="2449" data-end="2475">User-logon (Always On)</STRONG></TD> <TD class="" data-start="2482" data-end="2560">Most standard corporate users</TD> <TD class="min-w-[calc(var(--thread-content-max-width)/3)]" data-start="2560" data-end="2630">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE> <TBODY> <TR data-start="2631" data-end="2813"> <TD class="" data-start="2631" data-end="2666"><STRONG data-start="2633" data-end="2658">Pre-logon (Always On)</STRONG></TD> <TD class="min-w-[calc(var(--thread-content-max-width)/3)]" data-start="2666" data-end="2744">Domain-joined laptops needing remote AD login, GPOs, scripts</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Is it advisable to configure internal gateway for the internal users , now the current setup is&nbsp; internal host detection &gt;&gt; No tunnel.</P> <P>Please share best practices in Agent App for always on .</P> <P>&nbsp;</P> <P>Thanks KK&nbsp; &nbsp;</P> Thu, 10 Apr 2025 11:07:03 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-enabling-always-on/m-p/1226204#M6670 k.pillai 2025-04-10T11:07:03Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-enabling-always-on/m-p/1226792#M6695 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1485311473">@k.pillai</a>&nbsp;,</P> <P>&nbsp;</P> <P>As far as deciding on an internal gateway, it really depends on your goals and current visibility for internal users. I would think about a few things:<BR /><BR />Is there east-west visibility within the internal network (does internal traffic traverse your firewall/firewalls today?)</P> <P>What type of applications or services do internal users access? Is any of that considered sensitive?<BR />Are there any security tools currently leveraged within the environment?&nbsp;</P> <P>Any compliance requirements?&nbsp;</P> <P>&nbsp;</P> <P>If internal traffic isn't inspected today or if monitoring and threat prevention capabilities are important, then an internal gateway with always-on vpn can definitely be valuable.</P> <P>&nbsp;</P> <P>Hope this helps!&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 17 Apr 2025 05:28:13 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-enabling-always-on/m-p/1226792#M6695 JayGolf 2025-04-17T05:28:13Z