GlobalProtect uses a network discovery method to select the best available gateway when
multiple gateways are available. GlobalProtect attempts to communicate with all
the gateways and uses criteria such as gateway priority, load, and response time from
the gateway to determine the best available gateway to connect to. Suboptimal endpoint
conditions, such as load and high CPU usage, can affect the response time and lead to
incorrect gateway selection.
The GlobalProtect Best Gateway Selection Criteria feature prevents suboptimal endpoint
conditions from affecting GlobalProtect network discovery, so that the best available
GlobalProtect gateway is selected reliably even in a suboptimal endpoint environment.
You can now configure the best gateway selection criteria in the app settings of the
GlobalProtect portal configuration so that endpoints select the best available
gateway when end users connect from an external network.
When the end user is connecting from an external network, the GlobalProtect app first
attempts to connect to the external gateways listed in its client configuration, and
then it establishes a connection to the gateway with the highest priority and shortest
response time.
Previously, the time taken for a successful TLS handshake was used by the app to measure
the time taken to establish an external gateway connection.
With this feature enabled, you can configure the app to use the time taken for a
successful TCP connection as the external gateway measurement criteria. When you set
the Best Gateway Selection Criteria option to Response Time in the app settings of the
portal configuration, the app uses the duration of the TCP handshake to measure the
time taken to establish an external gateway connection.
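
To see how the two measurements differ from a given endpoint, the following added example
(not GlobalProtect code) times the TCP handshake and the TLS handshake separately for each
gateway host passed on the command line. The function names, the sample hostnames, and the
sample timings are assumptions made for illustration; the ranking helper looks at response
time only and ignores gateway priority and load.

```python
import socket
import ssl
import sys
import time


def measure_handshakes(host, port=443, tls=True, timeout=5.0):
    """Return (tcp_ms, tls_ms) for one connection; tls_ms is None when tls=False."""
    start = time.perf_counter()
    sock = socket.create_connection((host, port), timeout=timeout)
    tcp_ms = (time.perf_counter() - start) * 1000.0  # TCP three-way handshake only
    tls_ms = None
    try:
        if tls:
            # Default context verifies the gateway certificate and hostname.
            ctx = ssl.create_default_context()
            start = time.perf_counter()
            sock = ctx.wrap_socket(sock, server_hostname=host)  # handshake runs here
            tls_ms = (time.perf_counter() - start) * 1000.0
    finally:
        sock.close()
    return tcp_ms, tls_ms


def fastest(samples, metric):
    """samples: {gateway: (tcp_ms, tls_ms)}; metric: 'tcp' or 'tls'.

    Returns the gateway with the shortest time for that metric.
    """
    idx = 0 if metric == "tcp" else 1
    return min(samples, key=lambda name: samples[name][idx])


# Constructed sample timings (not real measurements): the TLS figure includes
# cryptographic work, so the two metrics can rank the same gateways differently.
SAMPLE = {
    "gw-a.example": (20.0, 95.0),
    "gw-b.example": (35.0, 80.0),
}

if __name__ == "__main__":
    results = {}
    for gw in sys.argv[1:]:
        results[gw] = measure_handshakes(gw)
        print(f"{gw}: TCP {results[gw][0]:.1f} ms, TLS {results[gw][1]:.1f} ms")
    if results:
        print("fastest by TCP:", fastest(results, "tcp"))
        print("fastest by TLS:", fastest(results, "tls"))
```

Run it several times from an idle endpoint and again from a busy one to compare how much
each measurement varies for the same gateways.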