GlobalProtect gateways provide security enforcement
for traffic from the GlobalProtect apps. Additionally, if the Host
Information Profile (HIP) feature is enabled, the gateway
generates a HIP report from the raw host data that the endpoints
submit, which it can use for policy enforcement.
You can configure a GlobalProtect gateway on any Palo Alto Networks next-generation
firewall. You can run both a gateway and portal on the same firewall,
or you can have multiple distributed gateways throughout your enterprise.
GlobalProtect supports the following gateway types:
Internal gateway
—An internal gateway is an interface on
the internal network that is configured as a GlobalProtect gateway
and applies security policies for internal resource access. When
used in conjunction with User-ID and/or HIP checks, an internal
gateway can be used to provide a secure, accurate method of identifying
and controlling traffic based on user and/or device state. Internal
gateways are useful in sensitive environments where authenticated
access to critical resources is required. You can configure an internal
gateway in either tunnel mode or non-tunnel mode. The GlobalProtect
app connects to the internal gateway after performing internal host
detection to determine the location of the endpoint.
External gateway (auto discovery)
—An external gateway
resides outside of the corporate network and provides security enforcement
and/or virtual private network (VPN) access for your remote users.
By default, the GlobalProtect app automatically connects to the
External gateway (manual)
—A manual external gateway
also resides outside of the corporate network and provides security
enforcement and/or VPN access for your remote users. The difference
between the auto-discovery external gateway and the manual external
gateway is that the GlobalProtect app only connects to a manual external
gateway when the user initiates a connection. You can also configure
different authentication requirements for manual external gateways.
To configure a manual gateway, you must identify the gateway as