Onboard the GlobalProtect Gateway and Configure the Prisma Access Portal

Add a GlobalProtect gateway and give it a name.
Select an

Interface

of

ethernet1/1.



Add

an

Authentication

method, specifying the

Authentication Profile

you created when you configured the router instances



Configure

Tunnel Settings

by enabling

Tunnel Mode

and selecting

tunnel.1

as the

Tunnel Interface

.



For the

Client IP Pool

, select the IP address and subnet that you specified for the

tunnel.1

tunnel interface (192.168.200.0/24 in this example).



For

Network Services

, select the primary DNS IP address of the

tunnel.1

interface as the

Primary DNS

IP address.


Add and configure a DNS proxy to provide DNS services to mobile users.
Select
Network
DNS Proxy
and
Add
a DNS proxy.
Specify the IP address of the Alibaba Cloud DNS server as the
Primary
server.
To configure a different DNS proxy server to resolve internal domains,
Add
one or more
DNS Proxy Rules
and specify the
Primary
IP address of your organization’s DNS server and your organization’s
Domain Name
.

Save
and
Commit
your changes.
(
Optional
) If redundancy is required, add one more VM-series instance as a GlobalProtect gateway and a router instance Router 2 in Alibaba Cloud. You can deploy this second set in the same or different regions and it will operate as an additional GlobalProtect gateway in China.
Configure a Prisma Access portal and configure that portal to use the mainland China gateway.
From the Panorama that manages Prisma Access, select
Network
GlobalProtect
Portals
Be sure to select
Mobile_User_Template
from the
Template
drop-down.
Select
GlobalProtect_Portal
to edit the Prisma Access portal configuration.

Select the
Agent
tab and select the
DEFAULT
agent configuration or
Add
a new one.
Select the
External
tab and
Add
an on-premise gateway with the name
GPCS-CHINA-GW
.
Specify the following parameters:
Specify the

IP

address of the VM-series ENI-Untrust interface.

Select the

Source Region

of

CN

.

Set the priority to

High

.


Click
OK
to save your changes.

Continue to click
OK
until the portal configuration window closes.
Commit all your changes to Panorama and push the configuration changes to Prisma Access.
Click
Commit
Commit to Panorama
.
Click
Commit
Push to Devices
and click
Edit Selections
.
On the
Prisma Access
tab, make sure that
Prisma Access for users
is selected and then click
OK
.
Click
Push
.