GlobalProtect — Set It Up (Cloud Management)

Set up a mobile users location in just a few steps (Prisma Access Cloud Management).
In just a few steps, here’s how to start onboarding GlobalProtect mobile users to Prisma Access.

  1. Enable GlobalProtect as a mobile user connection type
    Go to
    Prisma Access Setup
    Mobile Users
    With a
    GlobalProtect Connection
    , the GlobalProtect app installed on mobile user devices sends traffic to Prisma Access.
  2. Set up basic infrastructure settings
    Configure the infrastructure settings that are specific to GlobalProtect. There are a few required settings you’ll need to fill out initially, so that Prisma Access can provision your mobile users environment.
    Go to .
  3. Choose the Prisma Access location to which your GlobalProtect users will connect
    Add the Prisma Access locations where you want to support GlobalProtect users. Go to
    Prisma Access Setup
    The map displays the global regions where you can deploy Prisma Access for users. In addition, Prisma Access provides multiple locations within each region to ensure that your users can connect to a location that provides a user experience tailored to the users’ locale. For the best performance,
    Select All
    . Alternatively, select the specific locations within each selected region where your users will need access. By limiting your deployment to a single region, you can have more granular control over your deployed regions and exclude regions required by your policy or industry regulations.
    For the best user experience, if you are limiting the number of locations, choose locations that are closest to your users or in the same country as your users. If a location is not available in the country where your mobile users reside, choose a location that is closest to your users for the best performance.
    Few locations are marked as
    Local Zones
    . These locations provide Prisma Access compute location close to large population and industry centers. These local zones do not use Palo Alto Networks registered IP addresses and use cloud provider registered IP addresses. If you have problems accessing URLs, report the website issue to Palo Alto Networks support.
  4. Authenticate GlobalProtect users
    Set up User Authentication so that only legitimate users have access to your services and applications. Go to
    Prisma Access Setup
    To test your setup, you can add users that Prisma Access authenticates locally, or you can go straight to setting up enterprise-level authentication (here’s more on how to Enable Mobile Users to Authenticate to Prisma Access).
  5. Prisma Access enforces best practice security policy rules by default. These rules allow your users to securely browse to general internet sites. Users are:
    • Blocked from visiting known bad websites based on URL
    • Blocked from uploading or downloading files that are known to be malicious
    • Protected from unknown, never-before-seen threats
    • Protected from viruses, spyware (command and control attacks), and vulnerabilities
    After going through the initial setup, you can review and update these default rules to meet your enterprise needs.
  6. Verify that the mobile users location is active
    After you push your initial configuration to Prisma Access, Prisma Access begins provisioning your GlobalProtect mobile user environment. This can take up to 15 minutes. When your mobile user locations are up and running, you’ll be able to verify them on the Mobile Users setup pages and within Prisma Access Insights.
    You can also validate your setup by selecting
    Prisma Access Setup
    and edit infrastructure settings to confirm a gateway is set up in each of the locations you provisioned.

Recommended For You