GlobalProtect allows you to protect mobile users by installing the GlobalProtect app on their endpoints and configuring GlobalProtect settings in Prisma Access. GlobalProtect allows you to secure mobile users’ access to all applications, ports, and protocols, and to get consistent security whether the user is inside or outside your network. For details on adding GlobalProtect to a Prisma Access environment, see Mobile Users: GlobalProtect.

To add GlobalProtect to your Palo Alto an NGFW environment, you start by preparing your firewall infrastructure, including loopback and tunnel interfaces, and assigning appropriate zones. Next, you configure the GlobalProtect portal and gateway to handle user authentication, client settings, and IP allocation. Routing and security policies are then set up to ensure VPN traffic reaches internal resources securely. Optional device posture checks (HIP) can be enabled for compliance enforcement. Finally, after committing the configuration, users can install the GlobalProtect app and securely connect to your network.

1. Set up Prerequisites
   To add GlobalProtect to your NGFW environment, you will need the following:

   • GlobalProtect Gateway license: Verify that your GlobalProtect Gateway license has been activated.
   • External DNS name: Decide on the external DNS name (e.g., vpn.yourdomain.com) and secure a matching SSL certificate.
   • Layer 3 or loopback interfaces: You will need a Layer 3 or loopback interface for the portal, and internal and external gateways.
   • Portal Hostname: Ensure that you know the fully qualified domain name (FQDN) of the portal.
2. Set Up Firewall
   In order to set up the firewall, you need to create interfaces and zones for GlobalProtect. See xxx.
   You also need to enable Enable SSL Between GlobalProtect Components.
3. Set Up Initial connection to GlobalProtect
   During this step, you define portal and gateway settings so users can authenticate and connect. See Configure a GlobalProtect Gateway and Set Up Access to the GlobalProtect Portal.
   To access private apps, resources, or the internet, you must also define traffic routing and security policies on the firewall.
4. (Optional) Configure split tunnel traffic based on an access route, destination domain, application, and HTTP/HTTPS video streaming application. See Split Tunnel Traffic on GlobalProtect Gateways.
5. Configure Device Posture
   Define HIP checks for device compliance. See Host Information.
6. Deploy GlobalProtect App
   Install and connect users through the GlobalProtect client. See GlobalProtect Apps.