GlobalProtect can now use the geographic region
of the GlobalProtect client to determine the best external gateway.
By including source region as part of external gateway selection
logic, you can ensure that users connect to gateways that are preferred
for their current region. This can help avoid distant connections
when there are momentary fluctuations of network latency. This can
also be used to ensure all connections stay within a region if desired.
feature is not supported for IPv6 connections. Also, identifying
the region for the connecting endpoint may not be reliable if a
proxy server is used for the portal connection or if the firewall
performs a source NAT on the traffic to the portal.
make the gateway available to all regions. When users connect, GlobalProtect
recognizes the device region and only allows uses to connect to
gateways that are configured for that region. GlobalProtect prioritizes
the source region first, and then considers gateway priority.
of the gateway:
If you have only one external gateway, you can leave the
value set to
you have multiple external gateways, you can modify the priority
values (ranging from
to indicate a preference for the specific user group to which this
configuration applies. For example, if you prefer that the user
group connects to a local gateway you would set the priority higher
than that of more geographically distant gateways. The priority
value is then used to weight the agent’s gateway selection algorithm.
you do not want agents to automatically establish tunnel connections
with the gateway, select