GlobalProtect Portals Agent External Tab

Select Network > GlobalProtect > Portals > <GlobalProtect-portal-config> > Agent > <agent-config> > External to configure the settings for external gateways for an agent configuration.
GlobalProtect Portal External Settings
Cutoff Time (sec)
Specify the number of seconds that an agent or app waits for all of the available gateways to respond before it selects the best gateway. For subsequent connection requests, the agent or app tries to connect to only those gateways that responded before the cutoff. A value of 0 means the agent or app uses the TCP Connection Timeout in App Configurations in the App tab (range is 0 to 10; default is 5).
External Gateways
Specify the list of firewalls to which agents can try to connect when establishing a tunnel while not on the corporate network.
Add external gateways that include the following information for each:
  • Name—A label of up to 31 characters to identify the gateway. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
  • Address—The IP address or FQDN of the firewall interface where the gateway is configured. The value must match the CN (and SAN if specified) in the gateway server certificate. For example, if you used a FQDN to generate the certificate, you must also enter the FQDN here.
  • Source Region—Source region for client devices. When users connect, GlobalProtect recognizes the device region and only allows users to connect to gateways that are configured for that region. For gateway choices, source region is considered first, then gateway priority.
  • Priority—Select a value (Highest, High, Medium, Low, Lowest, or Manual only) to help the agent determine which gateway to use. The agent will contact all specified gateways (except those with a priority of Manual only) and establish a tunnel with the firewall that provides the fastest response and the highest priority value. Manual only prevents the GlobalProtect agent from attempting to connect to this gateway when Auto Discovery is enabled on the client. With GlobalProtect agent 4.0.3 and later releases, the agent will first contact all specified gateways with a Highest, High, or Medium priority and establish a tunnel with the gateway that provides the fastest response. If the higher priority gateways are unreachable, the agent next contacts any additional gateways with lower priority values (excludes Manual only gateways).
  • Manual—Select this option to let users manually select (or switch to) a gateway. The GlobalProtect agent can connect to any external gateway that is configured as Manual. When the agent or app connects to another gateway, the existing tunnel is disconnected and a new tunnel is established. The manual gateways can also have a different authentication mechanism than the primary gateway. If a client system is restarted or if a rediscovery is performed, the GlobalProtect agent connects to the primary gateway. This feature is useful if a group of users needs to connect temporarily to a specific gateway to access a secure segment of your network.
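The selection order described in the Source Region and Priority entries above, modelled as an added example (not Palo Alto Networks code). It follows the behaviour stated for agent 4.0.3 and later; the gateway names, regions, response times, the "Any" region wildcard, the tcp_timeout_s value and the rule that a reply after the cutoff counts as no reply are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

PREFERRED = {"Highest", "High", "Medium"}  # contacted first
FALLBACK = {"Low", "Lowest"}               # contacted only if no preferred gateway answers
# "Manual only" is in neither set, so automatic selection never picks it.

@dataclass
class Gateway:
    name: str
    region: str                  # Source Region; "Any" (assumed) matches every client
    priority: str
    response_s: Optional[float]  # measured response time, None = unreachable

def select_gateway(gateways, client_region, cutoff_s=5, tcp_timeout_s=5.0):
    """Return the name of the gateway this model selects, or None."""
    # A cutoff of 0 defers to the TCP Connection Timeout (value here is constructed).
    wait = cutoff_s if cutoff_s > 0 else tcp_timeout_s
    # 1. Source region is considered first.
    in_region = [g for g in gateways if g.region in (client_region, "Any")]
    # 2. Then priority: the preferred tier, with lower priorities as fallback.
    for tier in (PREFERRED, FALLBACK):
        answered = [g for g in in_region
                    if g.priority in tier
                    and g.response_s is not None
                    and g.response_s <= wait]
        if answered:
            # 3. Within a tier, the fastest response wins.
            return min(answered, key=lambda g: g.response_s).name
    return None

# Constructed sample portal configuration.
SAMPLE = [
    Gateway("gw-eu-1", "EU", "Highest", 0.30),
    Gateway("gw-eu-2", "EU", "Medium", 0.12),
    Gateway("gw-eu-dr", "EU", "Low", 0.05),
    Gateway("gw-eu-lab", "EU", "Manual only", 0.01),
    Gateway("gw-us-1", "US", "Highest", 0.02),
]

if __name__ == "__main__":
    print(select_gateway(SAMPLE, "EU"))
```

In the sample, the Medium gateway is selected over the Highest one because both sit in the first-contacted tier and it answers faster; the Low gateway is used only when neither answers, and the Manual only gateway is never selected automatically.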
Third Party VPN
To direct the GlobalProtect agent or app to ignore selected third-party VPN clients so that GlobalProtect does not conflict with them, Add the name of the VPN client: select the name from the list, or enter the name in the field provided. If you configure this feature, GlobalProtect ignores the route settings for the specified VPN clients.
