GlobalProtect provides a complete infrastructure for
managing secure access to corporate resources from your remote sites.
This infrastructure includes the following components:
GlobalProtect Portal—Provides the management functions
for your GlobalProtect LSVPN infrastructure. Every satellite that
participates in the GlobalProtect LSVPN receives configuration information
from the portal, including configuration information to enable the
satellites (the spokes) to connect to the gateways (the hubs). You
configure the portal on an interface on any Palo Alto Networks next-generation
firewall.
GlobalProtect Gateways—A Palo Alto Networks firewall that provides the tunnel end point
for satellite connections. The Satellites access resources that you protect
using Security policy rules on the gateway. It is not required to have a
separate portal and gateway; a single firewall can function both as portal and
gateway.
GlobalProtect Satellite—A Palo Alto Networks firewall
at a remote site that establishes IPSec tunnels with the gateway(s)
at your corporate office(s) for secure access to centralized resources.
Configuration on the satellite firewall is minimal, enabling you
to quickly and easily scale your VPN as you add new sites.
The following diagram illustrates how the GlobalProtect LSVPN
components work together.