GlobalProtect
About the GlobalProtect Components
Table of Contents
About the GlobalProtect Components
GlobalProtect provides a complete infrastructure for
managing your mobile workforce to enable secure access for all your
users, regardless of what endpoints they are using or where they
are located. This infrastructure includes the following components:
GlobalProtect Portal
The GlobalProtect portal provides the management functions
for your GlobalProtect infrastructure. Every endpoint that participates
in the GlobalProtect network receives configuration information
from the portal, including information about available gateways
as well as any client certificates that may be required to connect
to the GlobalProtect gateway(s). In addition, the portal controls
the behavior and distribution of the GlobalProtect app software
to both macOS and Windows endpoints (on mobile endpoints, the GlobalProtect
app is distributed through the Apple App Store for iOS endpoints,
Google Play for Android endpoints and Chromebooks, and the Microsoft
Store for Windows 10 UWP endpoints). If you are using the Host
InformationProfile (HIP) feature, the portal also defines
what information to collect from the host, including any custom
information you require. You can Set
Up Access to the GlobalProtect Portal on an interface on
any Palo Alto Networks next-generation firewall.
GlobalProtect Gateways
GlobalProtect gateways provide security enforcement for traffic from GlobalProtect apps.
Additionally, if the HIP feature is enabled, the gateway generates a HIP report from
the raw host data the apps submit and can use this information in policy
enforcement. You can configure different types of gateways to provide
security enforcement and/or virtual private network (VPN) access for your remote
users, or to apply security policy for access to internal resources.
You can Configure
a GlobalProtect Gateway on an interface on any Palo Alto
Networks next-generation firewall. You can run both a gateway and
a portal on the same firewall, or you can have multiple distributed
gateways throughout your enterprise.
GlobalProtect App
The GlobalProtect app software runs on endpoints and
enables access to your network resources through the GlobalProtect
portals and gateways that you have deployed.
The GlobalProtect app for Windows and macOS endpoints is deployed
from the GlobalProtect portal. You can configure the behavior of
the app—for example, which tabs the users can see—in the client
configuration(s) that you define on the portal. See Define
the GlobalProtect Agent Configurations, Customize
the GlobalProtect App, and Deploy
the GlobalProtect App Software for details.
The GlobalProtect app for mobile endpoints (iOS, Android, and Windows UWP) is available through
the official store for the endpoint—the Apple App Store for iOS, Google Play for
Android, and the Microsoft Store for Windows UWP. You can alternatively Deploy the
GlobalProtect Mobile App Using Workspace ONE, which is a third-party
mobile endpoint management system.
See What
OS Versions are Supported with GlobalProtect? for more details.
The following diagram illustrates how the GlobalProtect portals,
gateways, and apps work together to enable secure access for all
your users, regardless of what endpoints they are using or where
they are located.
