GlobalProtect Best Gateway Selection

GlobalProtect uses a network discovery method to select the best available gateway from the multiple available gateway options. GlobalProtect attempts to communicate with all the gateways and uses criteria such as gateway priority, load, and response time from each gateway to determine which is the best available gateway. However, suboptimal endpoint conditions, such as load and high CPU usage, can impact the response time and lead to a suboptimal gateway selection.

We introduced GlobalProtect Best Gateway Selection Criteria feature to prevent suboptimal endpoint conditions impacting the result of the GlobalProtect network discovery method, which help ensure a reliable best available GlobalProtect gateway selection even in a suboptimal endpoint environment.

You can configure the best gateway selection criteria in the app settings of the GlobalProtect portal configuration so that endpoints select the best available gateway when end users connect from an external network.

After you configure these settings, the GlobalProtect app first attempts to connect to the external gateways listed in its client configuration and then it establishes a connection to the gateway with the highest priority and shortest response time.

After you enable this feature, you can configure the app to use the time it takes to get a successful TCP connection as the external gateway measurement. Them, when you select Response Time as the Best Gateway Selection Criteria in the app settings of the portal configuration, GlobalProtect will use the duration of the TCP handshake to measure the time it takes to establish an external gateway connection.