Gateway Selection Enhancement
Software support: GlobalProtect agent 4.0.3 and later releases with PAN-OS 6.1 and later releases
OS support: All
To improve the logic the GlobalProtect agent uses to select the best gateway, the GlobalProtect agent now prioritizes the gateways assigned highest, high, and medium priority ahead of gateways assigned a low or lowest priority regardless of response time. The GlobalProtect agent then appends any gateways assigned a low or lowest priority to the list of gateways. This ensures that the agent first attempts to connect to the gateways that you configure with a higher priority. This is useful in redundant data center deployments to ensure that agents to prioritize connections to gateways in the primary data center (with higher priority) over connections to gateways in the backup data center (with lower priority).
For example, consider a deployment with two data centers: one with three gateways and a secondary backup data center with two gateways prioritized as shown in the following GlobalProtect portal agent configuration:
Now consider you have users who primarily access resources through the gateways in the primary data center. When a user roams to a location closer (in response time) to the secondary data center, the agent now first tries the primary gateways for which you’ve set a medium to high priority.
As a result, the GlobalProtect agent automatically tries a gateway in the primary data center first before trying any of the gateways in the secondary data center. By adjusting the priority level in the GlobalProtect portal agent configuration , you can ensure that your end users access the gateways prioritized for that configuration.