Plan to Secure Mobile Users in China

Before you start to provide secure access for mobile users in mainland China, determine your requirements and purchase the following Palo Alto Networks and third-party software and licensing:
  • If you use Alibaba Cloud as the hybrid connectivity, create an account on Alibaba Cloud with Admin privileges and the ability to create a CEN and perform real-name registration. This process can take 48 hours.
    In addition, gather the following required information to use Alibaba Cloud:
    • The regions where you will deploy Alibaba Cloud in mainland China.
    • The amount of bandwidth you will use for the CEN.
      Take both the bandwidth and the cost of the CEN into consideration when planning to use a CEN.
  • A Prisma Access subscription.
  • A licensed Palo Alto Networks next-generation firewall (either a VM-series or on-premise firewall) with a GlobalProtect subscription located in mainland China.
    You should also determine if your deployment requires additional subscriptions.
  • An IP address pool for mobile users in China.
    This pool must not overlap with pools used by Prisma Access in other regions.
  • A public key infrastructure (PKI) that can issue the required server certificates and key pairs that are required for the GlobalProtect gateway in China.
    Alternatively, you can use self-signed certificates.
  • In addition to the software requirements, you need a basic understanding of public cloud networking.

Recommended For You