This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GlobalProtect Overview

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect Overview

SpencerMitchell
L3 Networker
‎04-10-2020 10:13 AM

GlobalProtect OverviewGlobalProtect Overview

 

Given the current state of things, many technical professionals are scrambling to safely enable remote access to internal resources and the Internet for their end users. As a result, I thought I would share my GlobalProtect series of articles with the community, as this is an extremely viable option for Palo Alto Networks customers that need a robust remote access solution.

 

GlobalProtect is a very flexible Palo Alto Networks core capability that allows remote users to access local and/or Internet resources while still being protected from known and unknown threats. This feature provides policy consistency regardless of end user location, and eliminates the need for managing additional point products in your environment. If you are looking for something highly scalable and do not wish to leverage on-premise hardware/software/licensing, Prisma Access is a great option, as it is just as robust from a capabilities standpoint, but is a SaaS service that leverages the scale of public cloud to accommodate a 100% remote workforce.

 

The goal of this series is to provide Palo Alto Networks users with a walk through for setting up a basic configuration that is applicable to both traditional GlobalProtect and Prisma Access for Mobile Users deployments. This can also be something that you can reference prior to kicking off a PoC or implementation to better understand the general implementation flow. Each post in the series builds upon the previous one. Here are the details:

 

  • GlobalProtect Part I - A basic initial setup with a portal, external gateway, and local DB authentication.
  • GlobalProtect Part II - An expanded setup to include various forms of authentication (LDAP, RADIUS, Duo), as well as an internal gateway.
  • GlobalProtect Part III - A further expanded setup to include user-based and HIP-based policy, as well as HIP notifications.
  • GlobalProtect Part IV - A further expanded setup to include authentication policy with MFA for HTTP and non-HTTP access to sensitive resources. 
  • GlobalProtect Part V - A further expanded setup to include pre-logon authentication using machine certificates.

 

If you are unfamiliar with GlobalProtect terminology, see this link. Additional details regarding GlobalProtect administration can be found in the official Palo Alto Networks documentation.

A diagram of the environment used in this series.A diagram of the environment used in this series.

 

  • 24927 Views
  • 0 comments
  • 9 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks