Set Up the GlobalProtect Cloud Service

Provides quick steps to implement GlobalProtect cloud service.
The following workflow summarizes the steps to install and configure GlobalProtect cloud service.
For more detailed steps to configure your service infrastructure, service connection, mobile users, and remote networks, see Roll Out Your GlobalProtect Cloud Service Implementation.
If you are setting up a deployment that includes multiple instances of GlobalProtect cloud services on a single Panorama (multi-tenancy), see Manage Multiple Tenants in GlobalProtect Cloud Service. Most organizations do not have a need to create and manage multiple tenants.
  1. Identify your license requirements; then License and Install the GlobalProtect Cloud Service Components.
  2. Import your existing Panorama configuration to GlobalProtect cloud service, or create new templates and device groups to begin configuration of GlobalProtect cloud service.
    There are some configuration differences between existing on-premises firewall configurations and a GlobalProtect cloud service configuration. For a list of features that GlobalProtect cloud service supports, see What features does GlobalProtect cloud service support?
  3. Enable the service infrastructure that allows communication between GlobalProtect cloud service elements.
    1. Plan to enable the service infrastructure and service connections.
    2. Enable the service infrastructure, including forwarding logs to Cortex Data Lake.
  4. (Optional) Set up the Log Forwarding app to forward logs from Cortex Data Lake (formerly Logging Service) to an external Syslog receiver.
  5. Plan and configure the GlobalProtect cloud service for mobile users, if required for your deployment.
  6. Create and configure service connections.
    (Optional) Configure BGP and quality of service (QoS) for your service connection.
  7. Plan, create and configure remote network connections.
    (Optional) Configure BGP and QoS for your remote network connection.
  8. Retrieve the IP addresses for remote networks and mobile users.
    Whitelist these addresses on your organization’s network to limit inbound access to your enterprise network and applications.
