You may or may not remember, but back in June at Ignite 2017, there was an a new product annoucement for GlobalProtect Cloud Service. If you would like to read that initial annoucement please see: GlobalProtect Cloud Service - Ignite Annoucement
Well, today is the day that we officially announce GlobalProtect Cloud server being publically available.
Based on the entire suite of our Next-Generation Security Platform features, GlobalProtect Cloud Service is managed by Panorama, allowing you to create and deploy consistent security policies across your entire organization. To implement GlobalProtect Cloud Service, you will use Panorama to onboard remote networks and mobile users, and then create and deploy security policies as needed.
Here are some of the GlobalProtect Cloud Service benefits:
Consistent next-generation security delivered globally in a more operationally efficient manner
Manage adding locations, users and policy deployment centrally with Panorama to reduce administrative effort
Facilitates a more predictable, operational expenditure (OPEX) based spending model for protecting remote networks and mobile users
Protects your distributed enterprise with consistent security policies supported by our next generation security platform prevention philosophy that encompasses:
Complete visibility and control over all applications, across all ports
Reduction of threat footprint by only allowing the applications you want and blocking all others
Prevention of known attacks within allowed application flows
Automated analysis and delivery of protection mechanisms for unknown attacks
Emphasizes a shared ownership model where you or your services partner manage all aspects of adding or removing locations, users, policy creation and deployment while Palo Alto Networks manages the security infrastructure.
A cloud-based next-generation security infrastructure that scales as demand shifts, is always on and always available, allowing you to focus your efforts on delivering consistent security to all locations and users in an operationally efficient manner.
SD-WAN support provides a connectivity alternative to IPsec VPN over for large scale remote location connectivity.
Q: How are remote networks and mobile users protected? A: Remote networks are connected to GlobalProtect Cloud Service via an IPsec VPN capable device or an SD-WAN network. Traffic to corporate, SaaS apps or to the web is protected with a security policy based on our next-generation security platform. Mobile users will connect through the GlobalProtect client or app on the device via an IPsec/SSLVPN and will be protected in a similar manner.
Q: Is GlobalProtect cloud service replacing the existing GlobalProtect subscription? A: No. GlobalProtect Cloud Service complements the existing GlobalProtect subscription option and in fact can be used jointly.
Q: Are other Palo Alto Networks products needed to use GlobalProtect Cloud Service? A: GlobalProtect Cloud Service needs Panorama 8.0 or later (either on an M-Series appliance or as a virtual machine deployed on premises) as a manager and Logging Service for log collection.
For more information about GlobalProtect Cloud Service where we feature 2 videos about streamlining next-gen security deployments for remote networks and mobile users and a Lightboard Series Introducing GlobalProtect cloud service, please see: GlobalProtect Cloud Service