VPN Deployments
Focus
Focus
Network Security

VPN Deployments

Table of Contents

VPN Deployments

Where Can I Use This?What Do I Need?
  • Prisma Access
  • PAN-OS
No license required
The Palo Alto Networks firewall supports the following VPN deployments:
  • Site-to-Site VPN— A simple VPN that connects a central site and a remote site, or a hub and spoke VPN that connects a central site with multiple remote sites. The firewall uses the Internet Protocol Security (IPSec) set of protocols to set up a secure tunnel for the traffic between the two sites. See Site-to-Site VPN Overview.
  • Remote User-to-Site VPN—A solution that uses the GlobalProtect agent to allow a remote user to establish a secure connection through the firewall. This solution uses SSL and IPSec to establish a secure connection between the user and the site. Refer to the GlobalProtect Administrator’s Guide.
  • Large Scale VPN— The Palo Alto Networks GlobalProtect Large Scale VPN (LSVPN) provides a simplified mechanism to roll out a scalable hub and spoke VPN with up to 1,024 satellite offices. The solution requires Palo Alto Networks firewalls to be deployed at the hub and at every spoke. It uses certificates for device authentication, SSL for securing communication between all components, and IPSec to secure data. See Large Scale VPN (LSVPN).
  • Remote Site VPN—Remote sites use IPSec tunnels to secure users and devices in remote network locations. In addition, mobile users secured with GlobalProtect and users at remote sites access private applications using either IPSec tunnels (for service connections or ZTNA Connectors) or GRE tunnels (for Colo-Connect connections).
The following figure illustrates how various users, partners, and offices connect to the same corporate headquarters with different VPN deployments.