GlobalProtect Portal and Gateway
Internet access with safe enablement

Untrusted Local Network
Don't assume everyone should have local network access
Moving away from "give access to everyone" on LAN to "don't trust anyone"
Just like the external scenario, don't trust anyone internally

Teachers and Students using laptops at school
Teacher and Students using laptop at home

Proprietary and Confidential.

Consistent Enforcement of Application Policies
Policy for Teachers
Use next-generation firewall for protection
Enforce policy consistently with GlobalProtect

Popular high-bandwidth applications such as BitTorrent reduce available resources
Students using web proxies to circumvent URL filters
School boards concerned about inappropriate teacher/student activity on social media
Children's Internet Protection Act requires school to block adult content

When gateway is unavailable, agent can automatically make connection to next best gateway

Consistent Enforcement of Application Policies
Challenge in Education

Gateway Failure Scenario
Single Gateway Failure Scenario

Portal
Portal Failure Scenario
Single Portal Failure Scenario
Available
Existing GlobalProtect users connect to gateway using cache configuration

Internal User Sequence - Step 3
The tunnel for internal users is optional
Agent sends user and HIP information to gateway for policy enforcement

Example deployment scenario
Site to Site IPSec tunnel
User authenticates to portal
Portal and Gateway

Internal User Sequence - Step 1
Data Center Firewall
Host internal/external detection parameters

External User Sequence - Step 2
LDAP Radius Kerberos
Gateway
Agent determines if it is inside or outside the corporate network

External User Sequence - Step 3
LDAP Radius Kerberos
Gateway
Automatically connects to the best gateway

External User Sequence - Step 4
User moves to new location
Automatically connects to the new best gateway.
Software that runs on endpoint
Supported on Windows 8, Windows 7, Windows Vista 32/64-bit
Mac OS X 10.6/10.7/10.8 (PAN OS 4.1)
iOS 5.1+
Android 4.0.3+

External User Sequence - Step 1
LDAP Radius Kerberos

Gateway
Provides tunnel termination points
Enforces security policy for connected users
Provides ongoing content updates to check the host profile

Central authority for GlobalProtect
Provides list of known gateways
Provides certificates to validate gateways
Hosts GlobalProtect agent for initial download
May be installed on same device as a GlobalProtect Gateway

Required on the devices that would connect iOS and Android app
Required on the devices that would check host profile
Required on the device that would run Portal
Single Gateway
Multiple Gateway
Internal Gateway
HIP check

©2012, Palo Alto Networks.
GlobalProtect Licensing
Licensing based on Portals and Gateways (firewall), not users
Portal License
Host Information Profile + Internal Gateways at Layer 3
Threat Prevention + URL Filtering

VPN connection to a purpose-built firewall that is performing the security work
Automatic protected connectivity for users both inside and outside
Unified policy control, visibility, compliance & reporting

GlobalProtect: Consistent Security Everywhere
exploits
Mix of Proxies + VPN
Both indeterminate and inconsistent security
Exposed to threats, risky apps, and data leakage

Overview of GlobalProtect
Technical Details
Use Cases

Challenge: Quality of Security Tied to Location
malware exploits botnets