Global Load Balancer (DNS) for GlobalProtect Portal


L0 Member

Looking to set up multiple data center redundancy for GlobalProtect and I'm unsure if Palo Alto would support a global load balancer (GLB) for the solution. We have global load balancer DNS servers that detect the status of our DC internet connections and will remove the IPs from the DNS entry if an ISP is down. The TTL on the DNS entries is 10s so it happens fast. We have 2 data centers. The primary data center has 2 Internet connections with a local load balancer handling the ISP redundancy. The second data center has a similar setup but only a single ISP for now. My thought is to create a DNS entry for vpn.company.com that is load balanced to the portal service across both DCs (and essentially all 3 ISPs). Once the client connects to the portal, it returns two gateways. It will return vpn1.company.com and vpn2.company.com. The vpn1 entry would be another load balanced DNS entry which points to both ISPs at the primary DC. The vpn2 entry would point to the secondary DC's ISP.

I believe I would need 3 DNS names and 3 certificates to make this work. The vpn.company.com certificate would be installed on both DCs' Palos and bound to the Portal service. The vpn1 and vpn2 certificates would be bound to their respective DC.

We already use vpn1.company.com to load balance across the primary DC's ISPs and it works great. I think this is literally just load balancing the portal.

Would this be a supported solution with GlobalProtect? I believe this gives me both portal and gateway redundancy.

Thanks...

1 REPLY

L7 Applicator

Hi @yostie 

Actually this sounds like a good idea to configure it this way. You only need to make sure that both portals are configured the same, but I think this is nothing new for you in this case. So if you haven't done it already like this (as this post is already some months old) just go for it 😉

  • 4596 Views
  • 1 replies
  • 2 Likes
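An added example, not part of the original posts: a small offline audit of the plan described in the question, checking that every address the GLB can hand out for a name has a certificate covering that name bound to the matching service. The addresses (RFC 5737 documentation ranges), the `DNS_PLAN` and `BINDINGS` tables, and the deliberately mis-bound secondary portal are all constructed assumptions.

```python
# Added example: audits a DNS/certificate plan like the one in the question.
# All addresses and bindings below are constructed sample data.

def san_matches(hostname, san):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    host, san = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        _, _, parent = host.partition(".")
        return bool(parent) and parent == san[2:]
    return host == san

# DNS name -> (service, pool of addresses the GLB may return for it)
DNS_PLAN = {
    "vpn.company.com":  ("portal",  ["192.0.2.10", "198.51.100.10", "203.0.113.10"]),
    "vpn1.company.com": ("gateway", ["192.0.2.10", "198.51.100.10"]),
    "vpn2.company.com": ("gateway", ["203.0.113.10"]),
}

# (address, service) -> SANs of the certificate bound there (assumed layout)
BINDINGS = {
    ("192.0.2.10", "portal"):     ["vpn.company.com"],
    ("198.51.100.10", "portal"):  ["vpn.company.com"],
    # Constructed fault: the secondary DC's portal carries the gateway cert.
    ("203.0.113.10", "portal"):   ["vpn2.company.com"],
    ("192.0.2.10", "gateway"):    ["vpn1.company.com"],
    ("198.51.100.10", "gateway"): ["vpn1.company.com"],
    ("203.0.113.10", "gateway"):  ["vpn2.company.com"],
}

def audit(dns_plan, bindings):
    """Return (name, address, service, reason) for every pool member that
    would fail hostname verification if the GLB steered a client to it."""
    findings = []
    for name, (service, pool) in dns_plan.items():
        for ip in pool:
            sans = bindings.get((ip, service))
            if sans is None:
                findings.append((name, ip, service, "no-certificate"))
            elif not any(san_matches(name, s) for s in sans):
                findings.append((name, ip, service, "name-mismatch"))
    return findings

if __name__ == "__main__":
    for finding in audit(DNS_PLAN, BINDINGS):
        print("FAIL", *finding)
```

A mismatch like the constructed one only surfaces when the GLB removes the primary DC's addresses, so checking every pool member ahead of time catches it before a failover does.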