The Palo Alto Networks firewall supports the following
— A simple VPN that connects a
central site and a remote site, or a hub and spoke VPN that connects
a central site with multiple remote sites. The firewall uses the
IP Security (IPSec) set of protocols to set up a secure tunnel for
the traffic between the two sites. See Site-to-Site VPN Overview.
Remote User-to-Site VPN
—A solution that uses the GlobalProtect
agent to allow a remote user to establish a secure connection through
the firewall. This solution uses SSL and IPSec to establish a secure
connection between the user and the site. Refer to the GlobalProtect Administrator’s
Large Scale VPN
— The Palo Alto Networks GlobalProtect
Large Scale VPN (LSVPN) provides a simplified mechanism to roll
out a scalable hub and spoke VPN with up to 1,024 satellite offices.
The solution requires Palo Alto Networks firewalls to be deployed
at the hub and at every spoke. It uses certificates for device authentication,
SSL for securing communication between all components, and IPSec
to secure data. See Large Scale VPN (LSVPN).