Palo Alto Networks Knowledgebase: GlobalProtect Gateway Selection Process

GlobalProtect Gateway Selection Process

2868
Created On 02/07/19 23:58 PM - Last Updated 02/07/19 23:58 PM
Symptom

How does GlobalProtect Gateway selection process work when multiple gateways are configured a on single portal?



Resolution

When Multiple gateways are configured on a single portal in Global protect, below is how the GlobalProtect gateway selection algorithm works.


Gateway Selection Algorithm

When multiple gateways are listed in the portal, the client will automatically connect to the preferred gateway. The clients use priority and response time as a factor to determine the best gateway. The section below discusses a few examples of gateway selection mechanism.

 

Case 1

Let us assume the following gateways with priorities and response times as follows:

Gateway name Priority Response time
Gateway-1      1           80 ms
Gateway-2            2    25 ms
Gateway-3350 ms


The average response time in this case is 51 milliseconds. In this case, the Agent will connect to Gateway-2, because the response time is less than the average response time of the three Gateways. Gateway-1, even though has higher priority has a response time, higher than the average response time of 51 millisecond.

 

Case 2

Let us assume the following Gateways with priorities and response timesas follows:

 

Gateway name Priority Response time
Gateway-1      1           30 ms
Gateway-2            2    25 ms
Gateway-3350 ms


The average response time, in this case, is 35 milliseconds. Even though Gateway-2 has the lowest response time, the Agent will connect to Gateway-1, because its response time is less than the average, and has the highest priority.



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVzCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language