GlobalProtect Gateways Overview

Because the GlobalProtect portal configuration that is delivered to the apps includes the list of gateways to which the endpoint can connect, it is recommended that you configure the gateways before configuring the portal.
GlobalProtect Gateways are configured to provide two main functions:
  • Enforce security policy for the GlobalProtect apps that connect to the gateways. You can also enable HIP collection on the gateway for enhanced security policy granularity. For more information on enabling HIP checks, see Host Information.
  • Provide virtual private network (VPN) access to the internal corporate network. VPN access is provided through an IPsec or SSL tunnel between the endpoint and the tunnel interface on the firewall hosting the gateway.
    You can also configure GlobalProtect gateways on VM-Series firewalls deployed in the AWS cloud. By deploying the VM-Series firewall in the AWS cloud, you can quickly and easily deploy GlobalProtect gateways in any region without the expense or IT logistics that are typically required to set up this infrastructure. For details, see Use Case: VM-Series Firewalls as GlobalProtectGateways in AWS.

Related Documentation