Use Case: VM-Series Firewalls as GlobalProtect Gateways on
AWS
Securing mobile users from threats and risky applications
is often a complex mix of procuring and setting up the security
and IT infrastructure, ensuring bandwidth and uptime requirements
in multiple locations around the globe while staying within your
budget.
The VM-Series firewall on AWS melds the security and IT logistics
required to consistently and reliably protect devices used by mobile
users in regions where you do not have a presence. By deploying
the VM-Series firewall in the AWS cloud, you can quickly and easily
deploy GlobalProtect™ gateways in any region without the expense
or IT logistics that are typically required to set up this infrastructure
using your own resources.
To minimize latency, select AWS regions that are closest to your
users, deploy the VM-Series firewalls on EC2 instances, and configure
the firewalls as GlobalProtect gateways. With this solution, the
GlobalProtect gateways in the AWS cloud enforce security policy
for internet traffic so there is no need to backhaul that traffic
to the corporate network. Additionally, for access to resources
on the corporate network, the VM-Series firewalls on AWS leverage
the LSVPN functionality to establish IPSec tunnels back to the firewall
on the corporate network.
For ease of deployment and centralized management of this distributed
infrastructure, use Panorama to configure the GlobalProtect components
used in this solution. Optionally, to ensure that mobile devices,
such as smartphones and tablets, are safe for use on your network,
use a Mobile Device Manager to configure and manage mobile devices.