Focus

Next-Generation Firewall

Large Scale VPN (LSVPN)

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Maintain Custom Timeouts for Data Center Applications

Create Interfaces and Zones for the LSVPN

Large Scale VPN (LSVPN)

Learn about LSVPN and its infrastructure. LSVPN enables quick and secure network interconnections across enterprise branches with minimal configuration.

Where Can I Use This?	What Do I Need?
NGFW	No separate license required for LSVPN when using NGFWs

The GlobalProtect Large Scale VPN (LSVPN) feature on the Palo Alto Networks Next-Generation Firewall simplifies the deployment of traditional hub and spoke VPNs, enabling you to deploy enterprise networks with several branch offices quickly with a minimum amount of configuration required on the remote satellites. This solution uses certificates for firewall authentication and IPSec to secure data.

LSVPN enables site-to-site VPNs between Palo Alto Networks firewalls. To set up a site-to-site VPN between a Palo Alto Networks firewall and another device, see VPNs. The LSVPN doesn’t require a GlobalProtect subscription.

LSVPN Overview

GlobalProtect provides a complete infrastructure for managing secure access to corporate resources from your remote sites. This infrastructure includes the following components:

GlobalProtect Portal—Provides the management functions for your GlobalProtect LSVPN infrastructure. Every satellite that participates in the GlobalProtect LSVPN receives configuration information from the portal, including configuration information to enable the satellites (the spokes) to connect to the gateways (the hubs). You configure the portal on an interface on any Palo Alto Networks Next-Generation Firewall.
GlobalProtect Gateways—A Palo Alto Networks firewall that provides the tunnel endpoint for satellite connections. The Satellites access resources that you protect using Security policy rules on the gateway. It isn’t required to have a separate portal and gateway; a single firewall can function both as portal and gateway.
GlobalProtect Satellite—A Palo Alto Networks firewall at a remote site that establishes IPSec tunnels with one or more gateways at your corporate office(s) for secure access to centralized resources. Configuration on the satellite firewall is minimal, enabling you to scale your VPN quickly and easily as you add new sites.

The following diagram illustrates how the GlobalProtect LSVPN components work together.

Maintain Custom Timeouts for Data Center Applications

Create Interfaces and Zones for the LSVPN

Next-Generation Firewall Docs

Large Scale VPN (LSVPN)

Next-Generation Firewall Docs

Large Scale VPN (LSVPN)

LSVPN Overview

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner