GlobalProtect provides a complete infrastructure for
managing your mobile workforce to enable secure access for all your users,
regardless of what devices they are using or where they are located.
This infrastructure includes the following components:
The GlobalProtect portal provides the management functions
for your GlobalProtect infrastructure. Every client system that participates
in the GlobalProtect network receives configuration information
from the portal, including information about available gateways as
well as any client certificates that may be required to connect
to the GlobalProtect gateway(s). In addition, the portal controls
the behavior and distribution of the GlobalProtect agent software
to both Mac and Windows laptops. (On mobile devices, the GlobalProtect
app is distributed through the Apple App Store for iOS devices or
through Google Play for Android devices.) If you are using the Host
Information Profile (HIP) feature, the portal also defines what
information to collect from the host, including any custom information
you require. You Set
Up Access to the GlobalProtect Portal on an interface on
any Palo Alto Networks next-generation firewall.
GlobalProtect gateways provide security enforcement
for traffic from GlobalProtect agents/apps. Additionally, if the
HIP feature is enabled, the gateway generates a HIP report from
the raw host data the clients submit and can use this information
in policy enforcement. You can configure different Types
of Gateways to provide security enforcement and/or virtual
private network (VPN) access for your remote users, or to apply
security policy for access to internal resources.
a GlobalProtect Gateway on an interface on any Palo Alto
Networks next-generation firewall. You can run both a gateway and
a portal on the same firewall, or you can have multiple, distributed
gateways throughout your enterprise.
The GlobalProtect client software runs on end user systems
and enables access to your network resources via the GlobalProtect
portals and gateways you have deployed. There are two types of GlobalProtect
—Runs on iOS, Android, Windows
UWP, and Chromebook devices. Users must obtain the GlobalProtect
app from the Apple App Store (for iOS), Google Play (for Android),
Microsoft Store (for Windows UWP), or Chrome Web Store (for Chromebook).
The following diagram illustrates how the GlobalProtect portals,
gateways, and agents/apps work together to enable secure access
for all your users, regardless of what devices they are using or
where they are located.