Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GlobalProtect, Working from Home, Prisma Access and Covid-19

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

GlobalProtect, Working from Home, Prisma Access and Covid-19

L7 Applicator

To all, 

Just wanted to post a message about the Hot Topic right now, which is Covid-19. 

With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, and stop touching your face (I see you doing it now).

 

One of the things that is happening all over the place is telecommuting. Just like being safe in the real world, a VPN is a necessity when doing your work online. Palo Alto Networks has a couple of products that can help keep you secure online, which are GlobalProtect and Prisma Access.

 

GlobalProtect is the built-in VPN solution for our Strata (firewall) suite.

Prisma Access is our globally distributed cloud service that can automatically scale when your need increases. 

One of the advantages of using Prisma Access is that you do not need to deploy any new hardware to expand your capacity.

 

For GlobalProtect, our sales staff is available is to help your need for more hardware capacity.

For Prisma Access, we are offering free accelerated deployment and on-boarding of remote users.

Also, for any existing Prisma Access customers, we will be giving additional capacity to address increased usage at no additional cost for 90 days.

 

This is meant as a reminder for everyone that we have products to keep you secure.

Please send an email if you have any questions about increasing capacity to the following address:

rapid-response@paloaltonetworks.com

 

More Information:

Palo Alto Networks CEO, Nikesh Arora has put out a blog about this subject here:

Securely Connect and Scale Remote Workforces

 

For a list of Configuration and Troubleshooting articles, please see the GlobalProtect Resource List here:

GlobalProtect Resource List on Configuring and Troubleshooting

 

For any questions about licensing, please review GlobalProtect License requirements here:

GlobalProtect Licensing

 

Please check my Blog about this with more information, links and even videos here:

GlobalProtect and Prisma Access during COVID-19

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
1 accepted solution

Accepted Solutions

Dear @Sokchen,

One of the best parts about GlobalProtect is that the core license to run the product is FREE. The only time you need the license is when:

  • Using HIP
  • Using iOS or Android mobile application

Otherwise you will only be limited to the hardware limitations of your device.

Which are listed in the spec sheets.. 

https://www.paloaltonetworks.com/network-security/pa-series

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

View solution in original post

43 REPLIES 43

L0 Member

Dear Jdelio,

 

Thanks

Best regard,

Sokchen

Dear @Sokchen,

One of the best parts about GlobalProtect is that the core license to run the product is FREE. The only time you need the license is when:

  • Using HIP
  • Using iOS or Android mobile application

Otherwise you will only be limited to the hardware limitations of your device.

Which are listed in the spec sheets.. 

https://www.paloaltonetworks.com/network-security/pa-series

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Is there a way to get throughput statistic of GP Usage. 

Since we are quickly adding more remote users through global protect we need a way to monitor throughput and performance on the firewall. 

So far all I have been able to find is ways to track the AP but it is not representative of throughput 

@gesqueda 

Are you wanting performance numbers? or are you just wanting to show the number of users?

 

Inside of this KB about troubleshooting GlobalProtect, it shows many things including the commands below to show the usage:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkBCAS

 

Command Description
current-satellite Show current GlobalProtect gateway satellites
current-user Show current GlobalProtect gateway users
flow Show dataplane GlobalProtect gateway tunnel information
flow-site-to-site Show dataplane GlobalProtect site-to-site gateway tunnel information
gateway Show list of GlobalProtect gateway configuration
previous-satellite Show previous GlobalProtect gateway satellites
previous-user Show previous user session for GlobalProtect gateway users
statistics Show statistics of current GlobalProtect gateway users

 

I hope this helps.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Joe,

I'd like to request that this information also be viewable in the GUI as well, maybe under "monitor"?

Always nice to be able to get the info in both places.

Maybe add this as a feature-request?

 

Its a work in progress, but they started having this data in PAN OS 9.1

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/globalprotect-features/enhanced-log...

@googol , thanks for posting that. 

@dannon , I am sorry I didn't give all that info. 

And just like you wanted, this is available under the monitor > Logs > GlobalProtect. and under the ACC > GlobalProtect Activity. Under PAN-OS 9.1

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Dang!

We are only on 8.13 because of bugs in 9.0 / 9.1 we experienced and had to roll back.

 

Glad it will be there when we finally move to the newer code.

 

L1 Bithead

All the Prisma Access North American gateways show as healthy on the status dashboard but from our perspective it is virtually unusable (especially US-WEST). Is there any way for us to determine what gateway's are under the most load? Right now we're essentially playing hot potato and telling users to switch to other ones as performance degrades

@mike.pochan 

Please open a case with support on this issue, as we want to help ensure that there are not any performance issues with Prisma Access.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Palo Alto Networks Guru

Can we implement QoS for globalprotect sessions

@jdelio I seem to cant access the link with either live or support account

https://paloaltonetworks.my.salesforce.com/kA10g000000ClkB?srPos=1&srKp=ka1&lang=en_US

@raji_toor 

Sorry for that, please try this link instead..

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkBCAS

 

fixing the other link now.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 1 accepted solution
  • 43796 Views
  • 43 replies
  • 33 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!