GlobalProtect
GlobalProtect Overview
GlobalProtect solves the security challenges introduced by roaming users by extending
next-generation firewall-based policies to all users, no matter where they are located.
Whether checking email from home or updating corporate
documents from an airport, the majority of today's employees work
outside the physical corporate boundaries. This workforce mobility
increases productivity and flexibility while simultaneously introducing
significant security risks. Every time users leave the building
with their laptops or smartphones, they are bypassing the corporate
firewall and associated policies that are designed to protect both
the user and the network. GlobalProtect™ solves the security challenges
introduced by roaming users by extending the same next-generation
firewall-based policies that are enforced within the physical perimeter
to all users, no matter where they are located.
The GlobalProtect infrastructure includes the following components.
GlobalProtect Portal
The GlobalProtect portal provides the management functions for your GlobalProtect
infrastructure. Every endpoint that participates in the GlobalProtect network
receives configuration information from the portal, including information about
available gateways as well as any client certificates that may be required to
connect to the GlobalProtect gateway. In addition, the portal controls the behavior
and distribution of the GlobalProtect app software to both macOS and Windows
endpoints. On mobile endpoints, the GlobalProtect app is distributed through the
Apple App Store for iOS endpoints, Google Play for Android endpoints and
Chromebooks, and the Microsoft Store for Windows 10 UWP endpoints. If you're using
the Host Information Profile (HIP) feature,
the portal also defines what information to collect from the host, including any
custom information you require. You can Set Up Access to the GlobalProtect Portal
on an interface on any Palo Alto Networks Next-Generation Firewall.
GlobalProtect Gateways
GlobalProtect gateways provide security enforcement for traffic from GlobalProtect
apps. Additionally, if the HIP feature is enabled, the gateway generates a HIP
report from the raw host data the apps submit and can use this information in policy
enforcement. You can configure different types of gateways to provide security
enforcement and virtual private network (VPN) access for your remote users, or to
apply security policy for access to internal resources.
You can configure a GlobalProtect Gateway on an
interface on any Palo Alto Networks Next-Generation Firewall. You can run both a
gateway and a portal on the same firewall, or you can have multiple distributed
gateways throughout your enterprise.
GlobalProtect App
The GlobalProtect app software runs on endpoints and enables access to your network
resources through the GlobalProtect portals and gateways that you have deployed.
The GlobalProtect app for Windows and macOS endpoints is deployed from the
GlobalProtect portal. You can configure the behavior of the app—for example, which
tabs the users can see—in the client configurations that you define on the portal.
See Define the GlobalProtect Agent
Configurations, Customize the GlobalProtect App, and Deploy the GlobalProtect App Software for
details.
The GlobalProtect app for mobile endpoints (iOS, Android, and Windows UWP) is
available through the official store for the endpoint—the Apple App Store for iOS,
Google Play for Android, and the Microsoft Store for Windows UWP. You can
alternatively deploy the GlobalProtect Mobile App Using
Workspace ONE or other supported third-party mobile endpoint management
systems.
See What OS Versions
are Supported with GlobalProtect? for more details.
The following diagram illustrates how the GlobalProtect portals, gateways, and apps
work together to enable secure access for all your users, regardless of what
endpoints they are using or where they are located.
GlobalProtect app features operate as intended only when the integrity of the
endpoints and end users is intact. If malicious end users or malware compromise
these elements, they may undermine the proper functioning of these features.