Global Protect External Gateways and Azure Traffic Manager - Potential configuration issues.

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect External Gateways and Azure Traffic Manager - Potential configuration issues.

L0 Member

Hi All,

We have been experiencing some odd behavior with our Global Protect Client VPN and I wanted to better understand what our design should look like and if we had conflict somewhere.

 

Our organisation currently uses Azure Traffic Manager to distribute requests for vpn.organisation.com to geographically separated Palo Alto Gateways (based on a priority setting in azure rather than geo).

 

We have 3 external gateways configured:

External Gateway 1 - europe-vpn.organisation.com
External Gateway 2 - australia1-vpn.organisation.com
External Gateway 3 - australia2-vpn.organisation.com

 

I have been investigating the each of the 3 external gateways configuration and noticed the following:
GlobalProtect Portal Configuration --> Agent --> Configs


Each site appears to have 2 x external gateways configured, for example:

 

External Gateway 1
europe-vpn.organisation.com
vpn.organisation.com

 

External Gateway 2
australia1-vpn.organisation.com
vpn.organisation.com

 

External Gateway 3
australia2-vpn.organisation.com
vpn.organisation.com

 

Ultimately my question is as follows:

Will using Azure Traffic Manager along with each External gateway having the configuration as described above, cause a conflict in the way that the gateways operate?

 

I suspect that the individual external gateways 1/2/3 are using their own selection criteria and conflicting with what Azure Traffic Manager is doing.

 

From some positive testing results, it looks like the external gateways 1/2/3 only need to have themselves configured so that the Azure Traffic Manager can do what it's supposed to do.

 

Thanks in advance for any advice, if I haven't explained clearly enough, please let me know.

Signature
Title
Location
Personal web page
Biography Personal Information
Private notes Last nameFirst name
0 REPLIES 0
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!