GlobalProtect on Prisma Access
Provides a description of GlobalProtect on Prisma Access.
GlobalProtect allows you to protect mobile users by installing the GlobalProtect app on their endpoints and configuring GlobalProtect settings in Prisma Access. GlobalProtect allows you to secure mobile users’ access to all applications, ports, and protocols, and to get consistent security whether the user is inside or outside your network.
When you secure mobile users using GlobalProtect, you will need to define the settings to configure the portal and gateways in the cloud. For example, you will define a portal hostname, set up the IP address pool for your mobile users, and configure DNS settings for your internal domains. You may be able to use existing configurations for some of the required settings, such as which authentication profile to use to authenticate mobile users. If you already have a template with your authentication profiles, certificates, certificate profiles, and server profiles, you can add that template to the predefined template stack during onboarding to simplify the setup process.
While it is not necessary to push your Security policy settings and objects to Prisma Access during the onboarding process, if you already have device groups and templates with the configuration objects you need (for example, Security policy, zones, User-ID configuration, and other policy objects), go ahead and add them when you onboard. This way you can complete the zone mapping that is required to enable Prisma Access to map the zones in your policy to the appropriate interfaces and zones within the cloud. However, if you don’t have your policy set yet, you can go back later and push it to Prisma Access for users.
In addition, if you want your mobile users to be able to connect to your remote network locations, or if you have mobile users in different geographical areas who need direct access to each other’s endpoints, you must configure at least one service connection with placeholder values, even if you don’t plan to use the connection to provide access to your data center or HQ locations. This is required because, while all remote network locations are fully meshed, Prisma Access gateways (also known as locations) connect to the service connection in a hub-and-spoke architecture to provide access to the internal networks in your Prisma Access infrastructure.
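The topology described above (remote networks fully meshed with each other, gateways reaching internal networks only through a service connection hub) is easy to misjudge when planning an onboarding. The following is an added illustration, not Prisma Access code or configuration: a small Python reachability model in which the component names (`rn-branch-a`, `gw-us-west`, `sc-hq`, and so on) are constructed, and the only rule encoded is the hub-and-spoke versus full-mesh behaviour the page states. Running it with and without a service connection shows which of the three access paths (remote network to remote network, mobile user to remote network, mobile user to mobile user) work in each case.

```python
from collections import deque

# Constructed model (not Prisma Access code). Nodes are the three kinds of
# components the page describes. Remote network locations are fully meshed
# with each other; Prisma Access gateways (mobile user locations) are spokes
# that reach internal networks only through a service connection hub.

REMOTE_NETWORKS = ["rn-branch-a", "rn-branch-b"]   # constructed names
GATEWAYS = ["gw-us-west", "gw-eu-central"]         # constructed names
SERVICE_CONNECTION = "sc-hq"                       # constructed name


def build_topology(remote_networks, gateways, service_connection=None):
    """Return an adjacency dict of which components can exchange traffic.

    remote networks   : full mesh among themselves
    gateways          : spokes that connect only to the service connection
    service connection: hub attached to every remote network and gateway
    """
    adj = {n: set() for n in remote_networks + gateways}
    for a in remote_networks:
        for b in remote_networks:
            if a != b:
                adj[a].add(b)
    if service_connection is not None:
        adj[service_connection] = set()
        for node in remote_networks + gateways:
            adj[service_connection].add(node)
            adj[node].add(service_connection)
    return adj


def reachable(adj, src, dst):
    """Breadth-first search: True if traffic from src can reach dst."""
    if src not in adj or dst not in adj:
        return False
    seen = {src}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for nxt in adj[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def onboarding_check(remote_networks, gateways, service_connection=None):
    """Summarise the three access paths the page discusses for this topology."""
    adj = build_topology(remote_networks, gateways, service_connection)
    return {
        "remote_to_remote": reachable(adj, remote_networks[0], remote_networks[1]),
        "mobile_to_remote": reachable(adj, gateways[0], remote_networks[0]),
        "mobile_to_mobile": reachable(adj, gateways[0], gateways[1]),
    }


if __name__ == "__main__":
    print("without service connection:", onboarding_check(REMOTE_NETWORKS, GATEWAYS))
    print("with service connection:   ",
          onboarding_check(REMOTE_NETWORKS, GATEWAYS, SERVICE_CONNECTION))
```

Without a service connection, only the remote-to-remote path is reachable; adding even a placeholder service connection is what opens the mobile-to-remote and mobile-to-mobile paths, which is exactly why the onboarding requirement exists.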