Hardware reference guide

GlobalProtect Administrator’s Guide
Quick Config: GlobalProtect Multiple Gateway Configuration

Step 1 Create Interfaces and Zones for GlobalProtect.

In this configuration, you must set up interfaces on each firewall hosting a gateway.

Use the default virtual router for all interface configurations to avoid having to create inter-zone routing.

On the firewall hosting the portal/gateway (gw1):
Select Network > Interfaces > Ethernet and configure ethernet1/2 as a Layer 3 Ethernet interface with IP address 198.51.100.42 and assign it to the l3-untrust security zone and the default virtual router.
Create a DNS “A” record that maps IP address 198.51.100.42 to gp1.acme.com.
Select Network > Interfaces > Tunnel and add the tunnel.2 interface and add it to a new zone called corp-vpn. Assign it to the default virtual router.
Enable User Identification on the corp-vpn zone.

On the firewall hosting the second gateway (gw2):
Select Network > Interfaces > Ethernet and configure ethernet1/5 as a Layer 3 Ethernet interface with IP address 192.0.2.4 and assign it to the l3-untrust security zone and the default virtual router.
Create a DNS “A” record that maps IP address 192.0.2.4 to gp2.acme.com.
Select Network > Interfaces > Tunnel and add the tunnel.1 interface and add it to a new zone called corp-vpn. Assign it to the default virtual router.
Enable User Identification on the corp-vpn zone.

Step 2 Purchase and install a GlobalProtect Portal license on the firewall hosting the portal. This license is required to enable a multiple gateway configuration.

You will also need a GlobalProtect gateway subscription on each gateway if you have users who will be using the GlobalProtect app on their mobile devices or if you plan to use HIP-enabled security policy.

After you purchase the portal license and receive your activation code, install the license on the firewall hosting the portal as follows:
1. Select Device > Licenses.
2. Select Activate feature using authorization code.
3. When prompted, enter the Authorization Code and then click OK.
4. Verify that the license was successfully activated.

Step 3 On each firewall hosting a GlobalProtect gateway, create security policy.

This configuration requires policy rules to enable traffic flow between the corp-vpn zone and the l3-trust zone to enable access to your internal resources (Policies > Security).