We have deployed a PA-VM into AWS running 10.0.4 and are currently trying to configure GlobalProtect to secure our developer connections to our AWS environment. We have a GlobalProtect Gateway deployed and are able to establish a VPN connection. The issue we have is with the IP pool assignment. Each IP in the pool which is distributed to a GP client needs to be added to the private interface as a secondary IP address. Whilst this is fine for one or two connections, there is a limit in AWS of 10 secondary IP addresses; when we exceed 10 clients connecting, the traffic from, for example, a web server cannot route back to the appliance correctly to be returned to the GP client. I have reviewed numerous documents around the configuration and setup of PA-VM in AWS, and none of the GlobalProtect documentation seems to address cloud deployments; it all references on-premise. There are detailed steps on GP in AWS which properly address this problem. Are there any best practices or previous solutions for deploying GlobalProtect in AWS on how to handle this IP pool routing issue and the AWS private IP limitation?
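The routing pattern usually used for this in AWS, added here as an illustrative example that is not part of the original post and not taken from Palo Alto Networks documentation: rather than giving the trust ENI one secondary private IP per connected client, the VPC route tables carry a single route for the whole GlobalProtect client pool that points at the firewall's trust ENI, and source/destination checking is disabled on that ENI so AWS will deliver packets addressed to pool IPs to the PA-VM. The Terraform below assumes a VPC of 10.0.0.0/16, a client pool of 10.250.0.0/24 chosen outside the VPC CIDR, and hypothetical subnet, security group and route table IDs; an ENI that already exists would be imported into the `aws_network_interface` resource rather than created.

```hcl
# Added example (not the poster's configuration): one route for the GP pool
# per VPC route table, pointing at the PA-VM trust ENI. All IDs and CIDRs are
# assumptions for illustration.

locals {
  gp_client_pool = "10.250.0.0/24"   # assumed GP IP pool, outside the VPC CIDR

  # Every route table whose subnets must reach GP clients needs the route,
  # not only the table of the firewall's own subnet. The web server's table
  # is the one that matters for the return traffic described in the post.
  route_tables = {
    app   = "rtb-0app00000000000000"   # assumed: web server subnet
    trust = "rtb-0trust000000000000"   # assumed: PA-VM trust subnet
  }
}

# The firewall forwards packets whose destination is a pool address, not an
# address owned by the ENI, so source/destination checking must be off.
# With the check left on, AWS silently drops the web server's replies to
# 10.250.x.x before they reach the PA-VM.
resource "aws_network_interface" "pa_trust" {
  subnet_id         = "subnet-0trust000000000000"   # assumed
  security_groups   = ["sg-0trust00000000000000"]  # assumed
  source_dest_check = false

  # What the post describes, and what this example replaces: one secondary
  # private IP per connected client on the trust ENI. That count is capped per
  # ENI by the instance type and grows with every client, so do not set it.
  #   private_ips_count = 10

  tags = {
    Name = "pa-vm-trust"
  }
}

# A single pool-wide route per table. Adding a client no longer touches AWS
# at all; the firewall itself routes the assigned address over its tunnel
# interface once the client connects.
resource "aws_route" "gp_client_pool" {
  for_each = local.route_tables

  route_table_id         = each.value
  destination_cidr_block = local.gp_client_pool
  network_interface_id   = aws_network_interface.pa_trust.id
}
```

After `terraform apply`, the check a practitioner would run is the one the post already implies: a connected client should be able to reach the web server, and a packet capture or traffic log on the PA-VM should show the server's replies arriving on the trust interface and leaving over the tunnel. If replies never arrive, confirm with `aws ec2 describe-network-interfaces` that the ENI shows `SourceDestCheck: false` and that the route appears in the route table of the web server's subnet, since a route in the firewall's own table alone does nothing for the return path. On the PAN-OS side the tunnel interface of the gateway must sit in the same virtual router as the trust interface, and the security policy must permit the GP zone to the trust zone in both directions.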