The Palo Alto Networks firewall supports the following VPN deployments:
Site-to-Site VPN
— A simple VPN that connects a central site and a remote site, or a hub and spoke VPN that connects a central site with multiple remote sites. The firewall uses the IP Security (IPSec) set of protocols to set up a secure tunnel for the traffic between the two sites. See
Site-to-Site VPN Overview.
Remote User-to-Site VPN
—A solution that uses the GlobalProtect agent to allow a remote user to establish a secure connection through the firewall. This solution uses SSL and IPSec to establish a secure connection between the user and the site. Refer to the GlobalProtect Administrator’s Guide.
Large Scale VPN
— The Palo Alto Networks GlobalProtect Large Scale VPN (LSVPN) provides a simplified mechanism to roll out a scalable hub and spoke VPN with up to 1,024 satellite offices. The solution requires Palo Alto Networks firewalls to be deployed at the hub and at every spoke. It uses certificates for device authentication, SSL for securing communication between all components, and IPSec to secure data. See Large Scale VPN (LSVPN).
Large Scale VPN (LSVPN) The GlobalProtect Large Scale VPN (LSVPN) feature on the Palo Alto Networks next-generation firewall simplifies the deployment of traditional hub and ...
Site-to-Site VPN Overview
Site-to-Site VPN Overview A VPN connection that allows you to connect two Local Area Networks (LANs) is called a site-to-site VPN. You can configure route-based ...
Keys and Certificates
Keys and Certificates To ensure trust between parties in a secure communication session, Palo Alto Networks firewalls and Panorama use digital certificates. Each certificate contains ...
VPNs
VPNs Virtual private networks (VPNs) create tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local ...
Deployments Supported in AWS
Deployments Supported in AWS The VM-Series firewall secures inbound and outbound traffic to and from EC2 instances within the AWS Virtual Private Cloud ( VPC ...
Site-to-Site VPN Concepts
Site-to-Site VPN Concepts A VPN connection provides secure access to information between two or more sites. In order to provide secure access to resources and ...
LSVPN Overview
LSVPN Overview GlobalProtect provides a complete infrastructure for managing secure access to corporate resources from your remote sites. This infrastructure includes the following components: GlobalProtect ...
Create Interfaces and Zones for the LSVPN
Create Interfaces and Zones for the LSVPN You must configure the following interfaces and zones for your LSVPN infrastructure: GlobalProtect portal —Requires a Layer 3 ...
Use Case: VM-Series Firewalls as GlobalProtect Gateways in AWS
Use Case: VM-Series Firewalls as GlobalProtect Gateways in AWS Securing mobile users from threats and risky applications is often a complex mix of procuring and ...
GlobalProtect Gateways
GlobalProtect Gateways The PA-3020 in the co-location space (mentioned previously) also doubles as a GlobalProtect gateway (the Santa Clara Gateway). 10 additional gateways are deployed ...
