Use Case: VM-Series Firewalls as GlobalProtect Gateways on AWS

Securing mobile users from threats and risky applications is often a complex mix of procuring and setting up the security and IT infrastructure, ensuring bandwidth and uptime requirements in multiple locations around the globe while staying within your budget.
The VM-Series firewall on AWS melds the security and IT logistics required to consistently and reliably protect devices used by mobile users in regions where you do not have a presence. By deploying the VM-Series firewall in the AWS cloud, you can quickly and easily deploy GlobalProtect™ gateways in any region without the expense or IT logistics that are typically required to set up this infrastructure using your own resources.
To minimize latency, select AWS regions that are closest to your users, deploy the VM-Series firewalls on EC2 instances, and configure the firewalls as GlobalProtect gateways. With this solution, the GlobalProtect gateways in the AWS cloud enforce security policy for internet traffic so there is no need to backhaul that traffic to the corporate network. Additionally, for access to resources on the corporate network, the VM-Series firewalls on AWS leverage the LSVPN functionality to establish IPSec tunnels back to the firewall on the corporate network.
For ease of deployment and centralized management of this distributed infrastructure, use Panorama to configure the GlobalProtect components used in this solution. Optionally, to ensure that mobile devices, such as smartphones and tablets, are safe for use on your network, use a Mobile Device Manager to configure and manage mobile devices.
aws_deployment_GPgateway.png

Related Documentation