Features Introduced in GlobalProtect Cloud Service
The following table describes the new features introduced in the Cloud Services plugin version 1.3.1.
This release has changes to default behavior for mobile users regional IP pools when you upgrade that might affect your deployment. See Changes to Default Behavior for a list of the changes.
When you onboard mobile users, this release includes the ability to specify one or more locations in a region in order to exclude deployment in all regions. This feature provide more granular control over deployed regions and allows you to exclude regions as required by your policy or industry regulations. You select the locations in the region from locations on a map during the onboarding process.
Reduced IP Address Pool Requirement for Mobile Users
You can now specify a minimum IP address pool of a /23 subnet (512 addresses) for a single region when you onboard mobile users. The lowered IP pool requirement is useful in proof of concept or evaluation situations when you don’t have a large available block of private IP addresses. After you onboard a single region, you can then onboard additional regions in stages and add more IP address pools for those regions.
Pre-defined IPSec Tunnel Configurations
GlobalProtect cloud service includes pre-defined IPSec tunnel profiles for some common third-party IPSec and SD-WAN devices. These profiles expedite and simplify the onboarding of service connections and remote network connections that use one of these devices to terminate the connection.
Clientless VPN Portal
This GlobalProtect cloud service release supports Clientless VPN.
Clientless VPN Reverse Proxy for SaaS Security
GlobalProtect cloud service allows you to control unsanctioned and employee-owned device access to your network and redirect device traffic to GlobalProtect cloud service for inspection without putting your network or data at risk. Unsanctioned device access control utilizes SAML redirection by proxy instead of directly exposing the SaaS app on your network, removing all possible vulnerabilities to data exfiltration and malware propagation.
New location Paris Available for Mobile Users, Remote Networks, and Service Connections
An additional location, Europe (Paris), is added to the list of available locations.
Existing deployments with all gateways specified do not have this region added automatically; to add it, select PanoramaCloud ServicesConfigurationMobile UsersConfigureLocations and select the Paris location in the map that displays.
Additional Bandwidth Choices for Remote Networks
To better accommodate larger networks, additional remote network bandwidth choices of 500 Mbps or 1000 Mbps (1000 Mbps) is added. All existing remote network bandwidth choices are retained.
This feature is being deployed in Preview Mode for 1.3.1. We will deliver up to 500 Mbps or 1000 Mbps of throughput on a best-effort basis during the preview. The actual performance will vary depending upon the traffic mix.
Support for Overlapping Subnet - Internet Outbound
You can deploy remote network locations with overlapping subnets in the same region (for example, for a guest network at a retail store) for internet outbound only. Prior to this release, you had to specify separate regions for any remote networks that have overlapping subnets.
Configuring remote networks with overlapping subnets changes the behavior of the remote network; see Remote Network Locations with Overlapping Subnets in the GlobalProtect Cloud Service Administrator’s Guide for details. Other remote networks in your deployment without overlapping subnets are not affected.
Remote Network Locations with Overlapping Subnets
Learn how to onboard two remote network locations that have overlapping subnets to the GlobalProtect cloud service. ...
Quick Configs for Remote Network Deployments
Quick Configs for Remote Network Deployments The following topics show some common GlobalProtect cloud service deployment scenarios for remote network deployments and provide instructions for ...
Remote Network Location with High Bandwidth Requirements
Learn how to onboard a GlobalProtect cloud service remote network location at a site with high bandwidth or redundancy requirements. ...
Plan the GlobalProtect Cloud Service for Mobile Users
Plan the GlobalProtect Cloud Service for Mobile Users Before you begin to Configure the GlobalProtect Cloud Service for Mobile Users , make sure you have ...
Dual ISPs in Active-Active Mode
Learn how to support dual ISPs in an active-active configuration at a GlobalProtect cloud service remote network location. ...
Configure the GlobalProtect Cloud Service for Remote Networ...
Configure the GlobalProtect Cloud Service for Remote Networks For each remote network that you want to secure using the GlobalProtect cloud service for remote networks, ...
GlobalProtect Cloud Service Known Issues
GlobalProtect Cloud Service Known Issues GlobalProtect cloud service has the following known issues. Issue ID Description CYR-6521 When configuring multi-tenancy, the push scope is not ...
Plan the GlobalProtect Cloud Service for Remote Networks
Plan the GlobalProtect Cloud Service for Remote Networks The GlobalProtect cloud service for remote networks allows you to pick the geographic locations where you want ...
Changes to Default Behavior
Changes to default behavior in GlobalProtect app 5.0 for Android, Chrome, Windows, Windows 10 UWP, Mac, and Linux. ...