Configure Priorities for Prisma Access and On-Premise Gateways

Use this workflow to configure priorities for a deployment that uses on-premise gateways with Prisma Access.
  1. Log in to Prisma Access.
  2. Select Network > GlobalProtect > Portals in the Mobile_User_Template template.
  3. Click the portal name in the Name field.
  4. Click the Agent tab.
  5. Click the name of the agent to configure.
    The default agent is named DEFAULT.
  6. Click the External tab.
  7. Set the priority of the Prisma Access gateways.
    1. Click GP cloud service.
    2. Set the priority for your preferred configuration.
    3. Be sure that the Manual check box is selected.
      Checking the Manual check box ensures that mobile users can select a specific Prisma Access gateway if it is required.
      Do not add a source region for the Prisma Access gateways; any region you specify is not applied to the configuration.
    4. Click OK.
  8. Add one or more on-premise external gateways to your configuration.
    1. Enter a descriptive Name for the gateway.
      The name you enter should match the name you defined when you configured the gateway, and it should be descriptive enough for users to know the location of the gateway to which they connect.
    2. Enter the FQDN or IP address of the interface where the gateway is configured in the Address field.
      You can configure an IPv4 address. The address you specify must exactly match the Common Name (CN) in the gateway server certificate.
    3. Add one or more Source Regions for the on-premise gateway, or select Any to make the gateway available to all regions.
      If you set the priority of on-premise external gateways higher than Prisma Access gateways, we recommend that you specify source regions for the external gateways. If you specify Any for the region, the GlobalProtect app might never select Prisma Access gateways over on-premise gateways because of the higher priority for the on-premise gateways.
    4. Select the Manual check box to allow users to manually switch to the gateway.
    5. Set the Priority of the on-premise gateway to Highest (the default).
    6. Click OK.
  9. (Optional) Set the priority for additional gateways by repeating Step 8.
    Be sure to specify the correct source regions.
    The following figure shows a sample configuration with multiple gateways that have source regions in Norway, Sweden, and Denmark. Note that the Manual check box is selected, which indicates that a mobile user can manually select any of these gateways.
    [Figure: sample configuration with multiple on-premise gateways]
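
An added example, not from the Palo Alto Networks documentation: a small Python check that lints a planned gateway list against the guidance in Steps 7 and 8 before it is entered in the portal. The dictionary layout, the field names and the sample gateways are hypothetical, and the certificate CNs are assumed to have been collected separately from each gateway's server certificate.

```python
# Added example: field names and sample data are hypothetical, not a
# Prisma Access or PAN-OS export format.

# GlobalProtect external gateway priority levels, most preferred first.
PRIORITY_RANK = {"Highest": 0, "High": 1, "Medium": 2,
                 "Low": 3, "Lowest": 4, "Manual only": 5}

def lint_gateways(gateways, cert_cn_by_address):
    """Return (gateway name, finding) tuples for a planned gateway list.

    cert_cn_by_address maps each configured address to the Common Name
    read from that gateway's server certificate.
    """
    findings = []
    cloud_ranks = [PRIORITY_RANK[g["priority"]] for g in gateways if g["prisma_access"]]
    best_cloud = min(cloud_ranks, default=None)
    for g in gateways:
        name = g["name"]
        if g["prisma_access"]:
            # Step 7: Manual selected, no source region on Prisma Access gateways.
            if not g["manual"]:
                findings.append((name, "Manual check box not selected"))
            if g["source_regions"]:
                findings.append((name, "source region set but not applied"))
            continue
        # Step 8.2: the address must exactly match the certificate CN.
        cn = cert_cn_by_address.get(g["address"])
        if cn != g["address"]:
            findings.append((name, f"address does not exactly match certificate CN {cn!r}"))
        # Step 8.3: a higher-priority on-premise gateway open to Any region
        # can keep the app from ever selecting a Prisma Access gateway.
        outranks = best_cloud is not None and PRIORITY_RANK[g["priority"]] < best_cloud
        if outranks and "Any" in g["source_regions"]:
            findings.append((name, "outranks Prisma Access with source region Any"))
    return findings

def gw(name, address, priority, regions, manual=True, prisma_access=False):
    """Build one planned gateway entry (hypothetical layout)."""
    return {"name": name, "address": address, "priority": priority,
            "source_regions": regions, "manual": manual, "prisma_access": prisma_access}

# Constructed sample plan and certificate CNs.
SAMPLE_PLAN = [
    gw("GP cloud service", "", "High", [], prisma_access=True),
    gw("Oslo-DC", "gp-oslo.example.com", "Highest", ["Norway"]),
    gw("Stockholm-DC", "gp-sto.example.com", "Highest", ["Any"]),
    gw("Copenhagen-DC", "192.0.2.10", "Highest", ["Denmark"]),
]
SAMPLE_CNS = {"gp-oslo.example.com": "gp-oslo.example.com",
              "gp-sto.example.com": "gp-sto.example.com",
              "192.0.2.10": "gp-cph.example.com"}
```

Calling `lint_gateways(SAMPLE_PLAN, SAMPLE_CNS)` flags Stockholm-DC for the Any region and Copenhagen-DC for configuring an IP address while the certificate CN is an FQDN.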
