09-06-2017 03:16 PM
Hello,
We have a primary and secondary datacenter. We have a Palo NGFW with Portal and GW configured at our primary DC and a second Palo NGFW configured as an additional GW at our secondary DC. Portal configuration has both GWs set up with the primary datacenter GW as higher priority. If the primary datacenter fails or access to the portal fails, will the existing clients with existing configurations just connect to the secondary datacenter? I understand that the clients need to talk with the portal to get the initial configurations and specifically the list of GWs but after they have this, can the portal fail and they will just connect via the priority 2 GW without access to the portal?
If the Portal is absolutely necessary for client connections each and every time (even if there are no updates to configuration), is there a better means to deal with a single portal and multiple GWs in different datacenters? Or do I just default to setting up the secondary datacenter Palo NGFW as its own independent portal and GW and just use the same DNS name/cert and change DNS record in the case of a failure?
09-06-2017 03:40 PM
"...If the portal becomes unavailable, new users (who have never connected to the portal before) will not be able to connect to GlobalProtect. However, existing users can use the cached portal client configuration to connect to one of the gateways."
Yes, if the portal fails, the clients still have a cached list of gateways where they can connect.