Focus

Configure Priorities for Prisma Access and On-Premises Gateways

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Set Higher Priorities for Multiple On-Premises Gateways

Allow Mobile Users to Manually Select Specific Prisma Access Gateways

Configure Priorities for Prisma Access and On-Premises Gateways

Use this workflow to configure priorities for a deployment that uses on-premises gateways with Prisma Access.

Log in to Prisma Access.
Select NetworkGlobalProtectPortals in the Mobile_User_Template template.
Click the portal name in the Name field.
Click the Agent tab.
Click the name of the agent to configure.
The default agent is named DEFAULT.
Click the External tab.
Set the priority of the Prisma Access gateways.
1. Click GP cloud service.
2. Set the priority for your preferred configuration.
  To Set Equal Gateway Priorities for On-Premises and Prisma Access Gateways, change the priority from None to Highest.
  To Set a Higher Gateway Priority for an On-Premises Gateway or Set Higher Priorities for Multiple On-Premises Gateways, change the priority from None to Medium.
3. Be sure that the Manual check box is selected.
  Checking the Manual check box ensures that mobile users can select a specific Prisma Access gateway if it is required.
  
  Do not add a source region for the Prisma Access gateways; any region you specify is not applied to the configuration.
4. Click OK.
Add one or more on-premises external gateways to your configuration.
1. Enter a descriptive Name for the gateway.
  The name you enter should match the name you defined when you configured the gateway, and it should be descriptive enough for users to know the location of the gateway to which they connect.
2. Enter the FQDN or IP address of the interface where the gateway is configured in the Address field.
  You can configure an IPv4 address. The address you specify must exactly match the Common Name (CN) in the gateway server certificate.
3. Add one or more Source Regionsfor the on-premises gateway, or select Any to make the gateway available to all regions.
  
  If you set the priority of on-premises external gateways higher than Prisma Access gateways, we recommend that you specify source regions for the external gateways. If you specify Any for the region, the GlobalProtect app might never select Prisma Access gateways over on-premises gateways because of the higher priority for the on-premises gateways.
4. Select the Manual check box to allow users to manually switch to the gateway.
5. Set the Priority of the on-premises gateway to Highest (the default).
6. Click OK.
(Optional) Set the priority for additional gateways by repeating Step 8.

Be sure to specify the correct source regions.

The following figure shows a sample configuration with multiple gateways that have source regions in Norway, Sweden, and Denmark. Note that the Manual check box is selected, which indicates that a mobile user can manually select any of these gateways.