Large Scale VPN (LSVPN)
Focus
Focus
Next-Generation Firewall

Large Scale VPN (LSVPN)

Table of Contents

Large Scale VPN (LSVPN)

Learn about LSVPN and its infrastructure. LSVPN enables quick and secure network interconnections across enterprise branches with minimal configuration.
Where Can I Use This?What Do I Need?
  • NGFW
  • No separate license required for LSVPN when using NGFWs
The GlobalProtect Large Scale VPN (LSVPN) feature on the Palo Alto Networks Next-Generation Firewall simplifies the deployment of traditional hub and spoke VPNs, enabling you to deploy enterprise networks with several branch offices quickly with a minimum amount of configuration required on the remote satellites. This solution uses certificates for firewall authentication and IPSec to secure data.
LSVPN enables site-to-site VPNs between Palo Alto Networks firewalls. To set up a site-to-site VPN between a Palo Alto Networks firewall and another device, see VPNs. The LSVPN doesn’t require a GlobalProtect subscription.

LSVPN Overview

GlobalProtect provides a complete infrastructure for managing secure access to corporate resources from your remote sites. This infrastructure includes the following components:
  • GlobalProtect Portal—Provides the management functions for your GlobalProtect LSVPN infrastructure. Every satellite that participates in the GlobalProtect LSVPN receives configuration information from the portal, including configuration information to enable the satellites (the spokes) to connect to the gateways (the hubs). You configure the portal on an interface on any Palo Alto Networks Next-Generation Firewall.
  • GlobalProtect Gateways—A Palo Alto Networks firewall that provides the tunnel endpoint for satellite connections. The Satellites access resources that you protect using Security policy rules on the gateway. It isn’t required to have a separate portal and gateway; a single firewall can function both as portal and gateway.
  • GlobalProtect Satellite—A Palo Alto Networks firewall at a remote site that establishes IPSec tunnels with one or more gateways at your corporate office(s) for secure access to centralized resources. Configuration on the satellite firewall is minimal, enabling you to scale your VPN quickly and easily as you add new sites.
The following diagram illustrates how the GlobalProtect LSVPN components work together.