GlobalProtect Portal availability

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect Portal availability

L0 Member

Hello,  

 

We have a primary and secondary datacenter.  We have a Palo NGFW with Portal and GW configured at our primary DC and a second Palo NGFW configured as an additional GW at our secondary DC.  Portal configuration has both GW's setup with the primary datacenter GW as higher priority.  If the primary datacenter fails or access to the portal fails, will the existing clients with existing configurations just connect to the secondary datacenter?  I understand that the clients need to talk with the portal to get the initial configurations and specifically the list of GWs but after they have this, can the portal fail and they will just connect via the priority 2 GW without access to the portal?  

 

If the Portal is absolutely necessary for client connections each and every time (even if there are no updates to configuration), is there a better means to deal with a single portal and multiple GWs in different datacenters?  Or do i just default to setting up the secondary datacenter Palo NGFW as its own independant portal and gw and just use the same DNS name/cert and change DNS record in the case of a failure?

1 accepted solution

Accepted Solutions

L7 Applicator

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprot...

 

"...If the portal becomes unavailable, new users (who have never connected to the portal before) will not be able to connect to GlobalProtect. However, existing users can use the cached portal client configuration to connect to one of the gateways."

 

Yes, if the portal fails, the clients still have a cached list of gateways where they can connect.  

View solution in original post

1 REPLY 1

L7 Applicator

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprot...

 

"...If the portal becomes unavailable, new users (who have never connected to the portal before) will not be able to connect to GlobalProtect. However, existing users can use the cached portal client configuration to connect to one of the gateways."

 

Yes, if the portal fails, the clients still have a cached list of gateways where they can connect.  

  • 1 accepted solution
  • 2076 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!