GlobalProtect
About the GlobalProtect Components
Table of Contents
About the GlobalProtect Components
GlobalProtect provides a complete infrastructure for managing secure access for the
mobile workforce, including the GlobalProtect portal for management functions, GlobalProtect
gateways for security enforcement, and the GlobalProtect app for enabling access to network
resources.
GlobalProtect provides a complete infrastructure for
managing your mobile workforce to enable secure access for all your
users, regardless of what endpoints they are using or where they
are located. This infrastructure includes the following components:
GlobalProtect Portal
The GlobalProtect portal provides the management functions for your GlobalProtect infrastructure.
Every endpoint that participates in the GlobalProtect network receives configuration
information from the portal, including information about available gateways as well
as any client certificates that may be required to connect to the GlobalProtect
gateway. In addition, the portal controls the behavior and distribution of the
GlobalProtect app software to both macOS and Windows endpoints. On mobile endpoints,
the GlobalProtect app is distributed through the Apple App Store for iOS endpoints,
Google Play for Android endpoints and Chromebooks, and the Microsoft Store for
Windows 10 UWP endpoints. If you're using the Host
Information Profile (HIP) feature, the portal also defines what
information to collect from the host, including any custom information you require.
You can Set Up Access to the
GlobalProtect Portal on an interface on any Palo Alto Networks
Next-Generation Firewall.
GlobalProtect Gateways
GlobalProtect gateways provide security enforcement for traffic from GlobalProtect apps.
Additionally, if the HIP feature is enabled, the gateway generates a HIP report from
the raw host data the apps submit and can use this information in policy
enforcement. You can configure different Types of
Gateways to provide security enforcement and virtual private network
(VPN) access for your remote users, or to apply security policy for access to
internal resources.
You can Configure a
GlobalProtect Gateway on an interface on any Palo Alto Networks
Next-Generation Firewall. You can run both a gateway and a portal on the same
firewall, or you can have multiple distributed gateways throughout your
enterprise.
GlobalProtect App
The GlobalProtect app software runs on endpoints and
enables access to your network resources through the GlobalProtect
portals and gateways that you have deployed.
The GlobalProtect app for Windows and macOS endpoints is deployed from the GlobalProtect portal.
You can configure the behavior of the app—for example, which tabs the users can
see—in the client configurations that you define on the portal. See Define the
GlobalProtect Agent Configurations, Customize the
GlobalProtect App, and Deploy the
GlobalProtect App Software for details.
The GlobalProtect app for mobile endpoints (iOS, Android, and
Windows UWP) is available through the official store for the endpoint—the Apple
App Store for iOS, Google Play for Android, and the Microsoft Store
for Windows UWP. You can alternatively deploy
the GlobalProtect Mobile App Using Workspace ONE or other supported
third-party mobile endpoint management systems.
See What
OS Versions are Supported with GlobalProtect? for more details.
The following diagram illustrates how the GlobalProtect portals,
gateways, and apps work together to enable secure access for all
your users, regardless of what endpoints they are using or where
they are located.
GlobalProtect app features operate as intended only when the integrity of the
endpoints and end users is intact. If malicious end users or malware compromise
these elements, they may undermine the proper functioning of these features.