: GlobalProtect agent 4.0.3 and
later releases with PAN-OS 6.1 and later releases
To improve the logic the GlobalProtect agent uses to select the
best gateway, the GlobalProtect agent now prioritizes the gateways
assigned highest, high, and medium priority ahead of gateways assigned
a low or lowest priority regardless of response time. The GlobalProtect
agent then appends any gateways assigned a low or lowest priority
to the list of gateways. This ensures that the agent first attempts
to connect to the gateways that you configure with a higher priority.
This is useful in redundant data center deployments to ensure that
agents to prioritize connections to gateways in the primary data
center (with higher priority) over connections to gateways in the
backup data center (with lower priority).
For example, consider a deployment with two data centers: one
with three gateways and a secondary backup data center with two
gateways prioritized as shown in the following GlobalProtect portal
Now consider you have users who primarily access resources through
the gateways in the primary data center. When a user roams to a
location closer (in response time) to the secondary data center,
the agent now first tries the primary gateways for which you’ve
set a medium to high priority.
As a result, the GlobalProtect agent automatically tries a gateway
in the primary data center first before trying any of the gateways
in the secondary data center. By adjusting the priority level in
the GlobalProtect portal agent configuration,
you can ensure that your end users access the gateways prioritized
for that configuration.