GlobalProtect Cloud Service Infrastructure Management
It is important to understand who owns and manages the components in the GlobalProtect cloud service infrastructure. To see when GlobalProtect cloud services updates the components of the cloud infrastructure, see Release Cadence for GlobalProtect Cloud Service Infrastructure Updates.
To see the features that GlobalProtect cloud service supports, see What features does GlobalProtect cloud service support?
GlobalProtect cloud service uses a shared ownership model. Palo Alto Networks manages the underlying security infrastructure, ensuring it is secure, resilient, up-to-date and available to you when you need it. Your organization’s responsibility is to onboard locations and users, push policies, update them, query logs, and generate reports.
Your organization manages the following components of the security infrastructure:
- Users—You manage the onboarding of mobile users.
- Authentication—You manage the authentication of those users.
- Mobile device management (MDM)—You can control your organization's mobile devices that are protected with GlobalProtect Cloud Service using your own MDM software.
- Panorama and Cloud Services plugin—You make sure that the Panorama on which the Cloud Services plugin is installed is running a Panorama version that supports the Cloud Services plugin. In addition, you upgrade the Cloud Services plugin in Panorama after we inform you that a new plugin is available.
- Policy creation and management—You plan for and create the policies in Panorama to use with GlobalProtect cloud service.
- Log analysis and forensics—GlobalProtect cloud service provides the logs, you provide the analysis and reporting, using integrated tools provided by us or by another vendor.
- On-premise security—You provide the on-premise security between micro-segmentations of your on-premise network. In some deployments, you can also direct all traffic to be secured with GlobalProtect cloud service.
- Networking—You provide the network connectivity to GlobalProtect cloud service.
- Monitoring—You monitor the on-premise network’s status.
- Service Connectivity—You provide the connectivity to the GlobalProtect cloud service gateway for mobile users (for example, provide an ISP), and you also provide the on-premise devices used as the termination points for the IPSec tunnels used by service connections and remote network connections.
- Onboarding—You onboard the mobile users, HQ/Data center sites, and branch sites.
Palo Alto Networks manages the following parts of the security infrastructure:
- GlobalProtect cloud service
- Cortex Data Lake—We manage the delivery mechanism for logs.
- Content updates—We manage the updating of the GlobalProtect cloud service infrastructure, including PAN-OS updates.
- Fault tolerance—We manage the availability of the service.
- Auto scaling—We automatically scale the service when you add service connections or remote networks, or when additional mobile users log in to one or more gateways in a single region.
- Provisioning—We provision the infrastructure with everything that is required.
- Service monitoring—We monitor the service status and keep it functioning.
GlobalProtect Cloud Service Known Issues
GlobalProtect Cloud Service Known Issues GlobalProtect cloud service now supports Panorama version 8.0.5 or later, 8.1.0 or later, or 9.0.0 or later. Refer to the ...
Get Started with GlobalProtect Cloud Service Overview
Provides quick steps to implement GlobalProtect cloud service. ...
GlobalProtect Cloud Service Overview
Read this section to get an idea of what GlobalProtect cloud service is and does. ...
GlobalProtect Cloud Service with On-Premise Gateways
GlobalProtect Cloud Service with On-Premise Gateways GlobalProtect cloud service enables you to extend the Palo Alto Networks security platform out to your remote network locations ...
Quick Configs for Mobile User Deployments
Quick Configs for Mobile User Deployments The following topics show some common GlobalProtect cloud service deployment scenarios for remote networks and provide instructions for how ...
Manage Priorities for GlobalProtect Cloud Service and On-Premise Gateways
Manage Priorities for GlobalProtect Cloud Service and On-Premise Gateways GlobalProtect cloud service enables you to extend the Palo Alto Networks security platform out to your ...
GlobalProtect Cloud Service
GlobalProtect Cloud Service As your business is expanding globally with new remote network locations popping up around the globe and mobile users roaming the world, ...
Configure the GlobalProtect Cloud Service for Mobile Users
Configure the GlobalProtect Cloud Service for Mobile Users After you enable the service infrastructure and plan the GlobalProtect cloud service for mobile users , you ...
How the GlobalProtect App Selects a GlobalProtect Cloud Service Gateway
How the GlobalProtect App Selects a GlobalProtect Cloud Service Gateway When a mobile user connects to a GlobalProtect cloud service gateway, the app uses the ...