About the GlobalProtect Components
GlobalProtect provides a complete infrastructure for managing your mobile workforce to enable secure access for all your users, regardless of what endpoints they are using or where they are located. This infrastructure includes the following components:
The GlobalProtect portal provides the management functions for your GlobalProtect infrastructure. Every endpoint that participates in the GlobalProtect network receives configuration information from the portal, including information about available gateways as well as any client certificates that may be required to connect to the GlobalProtect gateway(s). In addition, the portal controls the behavior and distribution of the GlobalProtect app software to both macOS and Windows endpoints (on mobile endpoints, the GlobalProtect app is distributed through the Apple App Store for iOS endpoints, Google Play for Android endpoints, the Microsoft Store for Windows 10 UWP endpoints, and the Chrome Web Store for Chromebooks). If you are using the Host InformationProfile (HIP) feature, the portal also defines what information to collect from the host, including any custom information you require. You can Set Up Access to the GlobalProtect Portal on an interface on any Palo Alto Networks next-generation firewall.
GlobalProtect gateways provide security enforcement for traffic from GlobalProtect apps. Additionally, if the HIP feature is enabled, the gateway generates a HIP report from the raw host data the apps submit and can use this information in policy enforcement. You can configure different Types of Gateways to provide security enforcement and/or virtual private network (VPN) access for your remote users, or to apply security policy for access to internal resources.
You can Configure a GlobalProtect Gateway on an interface on any Palo Alto Networks next-generation firewall. You can run both a gateway and a portal on the same firewall, or you can have multiple distributed gateways throughout your enterprise.
The GlobalProtect app software runs on endpoints and enables access to your network resources through the GlobalProtect portals and gateways that you have deployed.
The GlobalProtect app for Windows and macOS endpoints is deployed from the GlobalProtect portal. You can configure the behavior of the app—for example, which tabs the users can see—in the client configuration(s) that you define on the portal. See Define the GlobalProtect Agent Configurations, Customize the GlobalProtect App, and Deploy the GlobalProtect App Software for details.
The GlobalProtect app for mobile endpoints (iOS, Android, Windows UWP, and Chrome OS) is available through the official store for the endpoint—the Apple App Store for iOS, Google Play for Android, the Microsoft Store for Windows UWP, and the Chrome Web Store for Chromebooks (Chrome OS). You can alternatively Deploy the GlobalProtect Mobile App Using AirWatch, which is a third-party mobile endpoint management system.
See What OS Versions are Supported with GlobalProtect? for more details.
The following diagram illustrates how the GlobalProtect portals, gateways, and apps work together to enable secure access for all your users, regardless of what endpoints they are using or where they are located.
GlobalProtect Portal Overview
GlobalProtect Portal Overview The GlobalProtect portal provides the management functions for your GlobalProtect infrastructure. Every endpoint that participates in the GlobalProtect network receives configuration information ...
Download and Install the GlobalProtect Mobile App
Download and Install the GlobalProtect Mobile App The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As ...
Deploy the GlobalProtect App Software
Deploy the GlobalProtect App Software In order to connect to GlobalProtect™, an endpoint must be running the GlobalProtect app software. The software deployment method depends ...
Network > GlobalProtect > Portals
Network > GlobalProtect > Portals Select Network GlobalProtect Portals to set up and manage a GlobalProtect™ portal. The portal provides the management functions for the ...
About GlobalProtect Licenses
About GlobalProtect Licenses If you want to use GlobalProtect to provide a secure remote access or virtual private network (VPN) solution via single or multiple ...
Learn about the exciting new GlobalProtect™ features introduced in the PAN-OS® 9.0 release. ...
Set Up a Mobile Endpoint Management System
Set Up the MDM Integration With GlobalProtect To set up the MDM integration with GlobalProtect, use the following workflow: Set up the GlobalProtect Infrastructure. Create ...
Deploy the GlobalProtect Mobile App
Deploy the GlobalProtect Mobile App The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As with other ...
Customize the GlobalProtect App
Customize the GlobalProtect App The portal agent configuration allows you to customize how your end users interact with the GlobalProtect apps installed on their endpoints. ...