GlobalProtect provides a complete infrastructure for
managing secure access to corporate resources from your remote sites.
This infrastructure includes the following components:
GlobalProtect Portal—Provides the management functions
for your GlobalProtect LSVPN infrastructure. Every satellite that
participates in the GlobalProtect LSVPN receives configuration information
from the portal, including configuration information to enable the
satellites (the spokes) to connect to the gateways (the hubs). You
configure the portal on an interface on any Palo Alto Networks next-generation
firewall.
GlobalProtect Gateways—A Palo Alto Networks firewall
that provides the tunnel end point for satellite connections. The
resources that the satellites access is protected by security policy
on the gateway. It is not required to have a separate portal and
gateway; a single firewall can function both as portal and gateway.
GlobalProtect Satellite—A Palo Alto Networks firewall
at a remote site that establishes IPSec tunnels with the gateway(s)
at your corporate office(s) for secure access to centralized resources.
Configuration on the satellite firewall is minimal, enabling you
to quickly and easily scale your VPN as you add new sites.
The following diagram illustrates how the GlobalProtect LSVPN
components work together.