What is the behavior of Gateway selection when the GlobalProtect Gateway is set with Priority "Manual only" Vs "High/Medium/Low".
13697
Created On 06/12/23 17:41 PM - Last Modified 06/28/24 20:00 PM
Question
What is the behavior of Gateway selection when the GlobalProtect Gateway is set with Priority "Manual only" Vs "High/Medium/Low" with Gateway Selection set to "Manual".
Environment
- Palo Alto Firewalls
- Supported PAN-OS
- Gateway Selection with Manual Only gateways
- GlobalProtect (GP) App version 5.2, 6.0 and 6.1
Answer
- When gateway priority is set to "manual-only" then the following happens across GP 5.2, 6.0, 6.1.
- User Authentication is required for Portal authentication
- Post successful portal authentication, GP waits for the end-user to select a gateway out of the list.
- GP connects to the gateway selected by the user
- The next time user tries to connect, GP asks user to select a gateway
- If you refresh the connection, portal authentication takes place (user may be required to enter credentials if the credentials are not saved) and GP waits for end-user to select a gateway
- If gateway selection is set to "Manual" with priority set to "High/Medium/Low" then the following happens across GP 5.2, 6.0, 6.1:
- User Authentication is required for Portal Authentication
- Post successful portal authentication, GP selects the best available gateway based on priority, latency to determine weight and connect to the gateway with lowest weight.
- For subsequent connections, if there is a tie for the weights, then the last connected gateway is used to break the tie.