Prisma Access
Onboard the GlobalProtect Gateway and Configure the Prisma Access Portal
To complete the mobile user setup for Prisma Access, you create a GlobalProtect gateway and add that gateway to the Prisma Access portal. You configure the gateway in the VM-Series firewall (Router 1) instance in VPC 1 in mainland China. After configuration is complete, mobile users in mainland China connect to the Prisma Access portal, which directs them to the GlobalProtect gateway in mainland China.

To configure the gateway and portal for a mainland China deployment, complete the following steps.
- Add a GlobalProtect gateway and give it a name.
  - Select an Interface of ethernet1/1.
  - Add an Authentication method, specifying the Authentication Profile you created when you configured the router instances.
  - Configure Tunnel Settings by enabling Tunnel Mode and selecting tunnel.1 as the Tunnel Interface.
  - For the Client IP Pool, select the IP address and subnet that you specified for the tunnel.1 tunnel interface (192.168.200.0/24 in this example).
  - For Network Services, select the primary DNS IP address of the tunnel.1 interface as the Primary DNS IP address.
- Add and configure a DNS proxy to provide DNS services to mobile users.
  - Select Network > DNS Proxy and Add a DNS proxy.
  - Specify the IP address of the Alibaba Cloud DNS server as the Primary server.
  - To configure a different DNS proxy server to resolve internal domains, Add one or more DNS Proxy Rules and specify the Primary IP address of your organization’s DNS server and your organization’s Domain Name.
  - Save and Commit your changes.
- (Optional) If redundancy is required, add one more VM-Series instance as a GlobalProtect gateway and a router instance Router 2 in Alibaba Cloud. You can deploy this second set in the same or different regions and it will operate as an additional GlobalProtect gateway in China.
- Configure a Prisma Access portal and configure that portal to use the mainland China gateway.
  - From the Panorama that manages Prisma Access, select Network > GlobalProtect > Portals. Be sure to select Mobile_User_Template from the Template drop-down.
  - Select GlobalProtect_Portal to edit the Prisma Access portal configuration.
  - Select the Agent tab and select the DEFAULT agent configuration or Add a new one.
  - Select the External tab and Add an on-premise gateway with the name GPCS-CHINA-GW.
  - Specify the following parameters:
    - Specify the IP address of the VM-Series ENI-Untrust interface.
    - Select the Source Region of CN.
    - Set the priority to High.
  - Click OK to save your changes.
  - Continue to click OK until the portal configuration window closes.
- Commit all your changes to Panorama and push the configuration changes to Prisma Access.
  - Click Commit > Commit to Panorama.
  - Click Commit > Push to Devices and click Edit Selections.
  - On the Prisma Access tab, make sure that Prisma Access for users is selected and then click OK.
  - Click Push.