Add GlobalProtect to your Environment (Next-Generation Firewall)

High-level overview of adding GlobalProtect to a Next-Generation Firewall.
To add GlobalProtect to your Palo Alto NGFW environment, you start by preparing your firewall infrastructure, including loopback and tunnel interfaces, and assigning appropriate zones. Next, you configure the GlobalProtect portal and gateway to handle user authentication, client settings, and IP allocation. Routing and security policies are then set up to ensure VPN traffic reaches internal resources securely. Optional device posture checks (HIP) can be enabled for compliance enforcement. Finally, after committing the configuration, users can install the GlobalProtect app and securely connect to your network.
  1. Set up Prerequisites
    To add GlobalProtect to your NGFW environment, you will need the following:
    • GlobalProtect Gateway license: Verify that your GlobalProtect Gateway license has been activated.
    • External DNS name: Decide on the external DNS name (e.g., vpn.yourdomain.com) and secure a matching SSL certificate.
    • Layer 3 or loopback interfaces: You will need a Layer 3 or loopback interface for the portal, and internal and external gateways.
    • Portal Hostname: Ensure that you know the fully qualified domain name (FQDN) of the portal.
  2. Set Up Firewall
    In order to set up the firewall, you need to create interfaces and zones for GlobalProtect. See xxx.
    You also need to Enable SSL Between GlobalProtect Components.
  3. Set Up Initial Connection to GlobalProtect
    During this step, you define portal and gateway settings so users can authenticate and connect. See Configure a GlobalProtect Gateway and Set Up Access to the GlobalProtect Portal.
    To access private apps, resources, or the internet, you must also define traffic routing and security policies on the firewall.
  4. (Optional) Configure split tunnel traffic based on an access route, destination domain, application, and HTTP/HTTPS video streaming application. See Split Tunnel Traffic on GlobalProtect Gateways.
  5. Configure Device Posture
    Define HIP checks for device compliance. See Host Information.
  6. Deploy GlobalProtect App
    Install and connect users through the GlobalProtect client. See GlobalProtect Apps.