Hardware reference guide

2 GlobalProtect Administrator’s Guide

About the GlobalProtect Components GlobalProtect Overview

About the GlobalProtect Components

GlobalProtect provides a complete infrastructure for managing your mobile workforce to enable secure access

for all your users, regardless of what devices they are using or where they are located. This infrastructure

includes the following components:

 GlobalProtect Portal

 GlobalProtect Gateways

 GlobalProtect Client

 GlobalProtect Mobile Security Manager

GlobalProtect Portal

The GlobalProtect portal provides the management functions for your GlobalProtect infrastructure. Every

client system that participates in the GlobalProtect network receives configuration information from the portal,

including information about available gateways as well as any client certificates that may be required to connect

to the GlobalProtect gateway(s) and/or the Mobile Security Manager. In addition, the portal controls the

behavior and distribution of the GlobalProtect agent software to both Mac and Windows laptops. (On mobile

devices, the GlobalProtect app is distributed through the Apple App Store for iOS devices or through Google

Play for Android devices.) If you are using the Host Information Profile (HIP) feature, the portal also defines

what information to collect from the host, including any custom information you require. You Configure the

GlobalProtect Portal on an interface on any Palo Alto Networks next-generation firewall.

GlobalProtect Gateways

GlobalProtect gateways provide security enforcement for traffic from GlobalProtect agents/apps. Additionally,

if the HIP feature is enabled, the gateway generates a HIP report from the raw host data the clients submit and

can use this information in policy enforcement.

 External gateways—Provide security enforcement and/or virtual private network (VPN) access for your

remote users.

 Internal gateways—An interface on the internal network configured as a GlobalProtect gateway for

applying security policy for access to internal resources. When used in conjunction with User-ID and/or

HIP checks, an internal gateway can be used to provide a secure, accurate method of identifying and

controlling traffic by user and/or device state. Internal gateways are useful in sensitive environments where

authenticated access to critical resources is required. You can configure an internal gateway in either tunnel

mode or non-tunnel mode.

You Configure GlobalProtect Gateways on an interface on any Palo Alto Networks next-generation firewall.

You can run both a gateway and a portal on the same firewall, or you can have multiple, distributed gateways

throughout your enterprise.