Hardware reference guide

GlobalProtect Administrator’s Guide
GlobalProtect Quick Configs
Mixed Internal and External Gateway Configuration
In a GlobalProtect mixed internal and external gateway configuration, you configure separate gateways for VPN
access and for access to your sensitive internal resources. With this configuration, agents perform internal host
detection to determine whether they are on the internal or the external network. If the agent determines that it
is on the external network, it attempts to connect to the external gateways listed in its client configuration and
establishes a VPN (tunnel) connection with the gateway that has the highest priority and the shortest response time.
Because security policies are defined separately on each gateway, you have granular control over which resources
your external and internal users can access. You also have granular control over which gateways users can
access: configure the portal to deploy different client configurations based on user/group membership or on
HIP profile matching.
In this example, the portals and all three gateways (one external and two internal) are deployed on separate
firewalls. The external gateway at gpvpn.acme.com provides remote VPN access to the corporate network, while
the internal gateways provide granular access to sensitive datacenter resources based on group membership. In
addition, HIP checks are used to ensure that hosts accessing the datacenter are up to date on security patches.
Figure: GlobalProtect Deployment with Internal and External Gateways
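
The agent-side decision described above (internal host detection, then choosing an external gateway by priority and response time), modeled as an added sketch; it is not code from the guide or from the product. Assumptions: detection is a reverse DNS lookup of a configured IP address that must return an expected hostname, priority is an integer where 1 is highest, and every name and address except gpvpn.acme.com is constructed.

```python
from typing import Callable, NamedTuple, Optional

class Gateway(NamedTuple):
    address: str
    priority: int  # assumption of this sketch: 1 is the highest priority

def on_internal_network(reverse_lookup: Callable[[str], Optional[str]],
                        probe_ip: str, expected_host: str) -> bool:
    # Assumed detection method: the probe IP must reverse-resolve to the
    # expected internal hostname. No answer or another name means "external".
    name = reverse_lookup(probe_ip)
    return name is not None and name.rstrip(".").lower() == expected_host.lower()

def select_external_gateway(gateways, probe: Callable[[str], Optional[float]]):
    # Probe every listed gateway; skip those that time out (None), then take
    # the highest priority and break ties on the shortest response time.
    answered = [(gw.priority, rtt, gw) for gw in gateways
                if (rtt := probe(gw.address)) is not None]
    return min(answered, key=lambda t: t[:2])[2] if answered else None

def choose_connection(reverse_lookup, probe, probe_ip, expected_host, external):
    if on_internal_network(reverse_lookup, probe_ip, expected_host):
        return ("internal", None)  # on the internal network: no VPN tunnel
    gw = select_external_gateway(external, probe)
    return ("external", gw.address if gw else None)

# Constructed sample data. Only gpvpn.acme.com comes from the page.
EXTERNAL = [Gateway("gpvpn.acme.com", 1),
            Gateway("gpvpn-b.example.test", 1),
            Gateway("gpvpn-c.example.test", 2)]
IHD_IP, IHD_HOST = "192.0.2.10", "ihd.corp.example.test"
OFFICE_DNS = {IHD_IP: "ihd.corp.example.test."}.get  # internal resolver
HOTEL_DNS = {}.get                                   # no PTR record outside
RTT = {"gpvpn.acme.com": 0.080, "gpvpn-b.example.test": 0.035,
       "gpvpn-c.example.test": 0.010}                # seconds

if __name__ == "__main__":
    print(choose_connection(OFFICE_DNS, RTT.get, IHD_IP, IHD_HOST, EXTERNAL))
    print(choose_connection(HOTEL_DNS, RTT.get, IHD_IP, IHD_HOST, EXTERNAL))
```

In this model a fast but lower-priority gateway is chosen only when no higher-priority gateway answers, and a host that cannot confirm the internal hostname is always treated as external.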