GlobalProtect Portal

In this topology, a PA-3020 in the co-location space functions as a GlobalProtect portal.
Employees and contractors can authenticate to the portal using two-factor authentication (2FA) consisting of Active Directory (AD) credentials and a one-time password (OTP). The portal deploys GlobalProtect client configurations based on user and group membership and operating system.
By configuring a separate portal client configuration that applies to a small group or set of pilot users, you can test features before rolling them out to a wider user base. New client configuration features (such as the Enforce GlobalProtect or Simple Certificate Enrollment Protocol (SCEP) features that were made available with PAN-OS 7.1 and the content updates that followed) are enabled in the pilot configuration first and validated by the pilot users before they are made available to other users.
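The following is an added example, not part of the original page or of any Palo Alto Networks tooling. It models how a pilot client configuration interacts with broader ones, assuming the portal evaluates client configurations top-down and delivers the first one whose user/group and OS criteria match. The group names, configuration names and feature labels are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class ClientConfig:
    name: str
    groups: frozenset      # AD groups the config applies to, or {ANY}
    os: frozenset          # operating systems it applies to, or {ANY}
    features: tuple = ()   # constructed labels for features enabled here

def matches(cfg, user_groups, os_name):
    group_ok = ANY in cfg.groups or bool(cfg.groups & user_groups)
    os_ok = ANY in cfg.os or os_name in cfg.os
    return group_ok and os_ok

def select_config(configs, user_groups, os_name):
    """Assumed first-match rule: return the first matching config in list order."""
    for cfg in configs:
        if matches(cfg, user_groups, os_name):
            return cfg
    return None

def shadowed(configs):
    """Names of configs that can never be delivered because a single
    earlier entry already matches every user and OS they would match."""
    def covers(a, b):
        g = ANY in a.groups or (ANY not in b.groups and b.groups <= a.groups)
        o = ANY in a.os or (ANY not in b.os and b.os <= a.os)
        return g and o
    return [c.name for i, c in enumerate(configs)
            if any(covers(e, c) for e in configs[:i])]

# Constructed sample configurations (hypothetical group and config names).
PILOT = ClientConfig("pilot", frozenset({"gp-pilot"}), frozenset({ANY}),
                     ("enforce-globalprotect", "scep"))
EMPLOYEES_WIN = ClientConfig("employees-windows", frozenset({"employees"}),
                             frozenset({"Windows"}))
DEFAULT = ClientConfig("default", frozenset({ANY}), frozenset({ANY}))

GOOD_ORDER = [PILOT, EMPLOYEES_WIN, DEFAULT]   # pilot evaluated first
BAD_ORDER = [DEFAULT, PILOT, EMPLOYEES_WIN]    # catch-all hides the rest
PARTIAL = [EMPLOYEES_WIN, PILOT, DEFAULT]      # pilot hidden on Windows only

if __name__ == "__main__":
    pilot_user = frozenset({"employees", "gp-pilot"})
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER), ("partial", PARTIAL)):
        chosen = select_config(order, pilot_user, "Windows")
        print(label, "->", chosen.name, "| shadowed:", shadowed(order))
```

The `PARTIAL` ordering is the case a simple shadowing check misses: a pilot user who is also in the broader group receives the broader configuration on Windows, so the pilot features go unvalidated on that platform.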
The GlobalProtect portal also pushes configurations to GlobalProtect satellites. This configuration includes the GlobalProtect gateways to which satellites can connect and establish a site-to-site tunnel.

