GlobalProtect allows you to protect mobile users by installing the GlobalProtect app on their endpoints and configuring GlobalProtect settings in Prisma Access. GlobalProtect allows you to secure mobile users’ access to all applications, ports, and protocols, and to get consistent security whether the user is inside or outside your network.

When you secure mobile users using GlobalProtect, you will need to define the settings to configure the portal and gateways in the cloud. For example, you will define a portal hostname, set up the IP address pool for your mobile users, and configure DNS settings for your internal domains. You may be able to leverage using existing configurations for some of the required settings, such as what authentication profile to use to authenticate mobile users. If you already have a template with your authentication profiles, certificates, certificate profiles, and server profiles, you can add that template to the predefined template stack during onboarding to simplify the setup process.

In addition, if you want your mobile users to be able to connect to your remote network locations, or if you have mobile users in different geographical areas who need direct access to each other’s endpoints, you must configure at least one service connection with placeholder values, even if you don’t plan to use the connection to provide access to your data center or HQ locations. The reason this is required is because, while all remote network locations are fully meshed, Prisma Access gateways (also known as locations) connect to the service connection in a hub-and-spoke architecture to provide access to the internal networks in your Prisma Access infrastructure.