Because the GlobalProtect configuration that the portal
delivers to the agents includes the list of gateways the client
can connect to, it is a good idea to configure the gateways before
configuring the portal.
Enforce security policy for the GlobalProtect agents
and apps that connect to it. You can also enable HIP collection
on the gateway for enhanced security policy granularity. For more
information on enabling HIP checks, see Use
Host Information in Policy Enforcement.
Provide virtual private network (VPN) access to your internal
network. VPN access is provided through an IPSec or SSL tunnel between
the client and a tunnel interface on the gateway firewall.
You can also configure GlobalProtect gateways
on VM-Series firewalls deployed in the AWS cloud. By deploying the
VM-Series firewall in the AWS cloud you can quickly and easily deploy
GlobalProtect gateways in any region without the expense or IT logistics
that are typically required to set up this infrastructure using
your own resources. For details, see Use Case: VM-Series Firewalls as GlobalProtect
Gateways in AWS.