Palo Alto Networks PAN-OS® Administrator’s Guide Version 6.0

Contact Information

Corporate Headquarters: Palo Alto Networks, 4401 Great America Parkway, Santa Clara, CA 95054

About this Guide

This guide provides the concepts and solutions to help you get the most out of your Palo Alto Networks next-generation firewalls. For start-to-finish instruction on how to set up a new firewall, refer to the Palo Alto Networks Getting Started Guide.

VPNs

Virtual private networks (VPNs) create tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel, you need a pair of devices that can authenticate each other and encrypt the flow of information between them. The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor.

VPN Deployments

The Palo Alto Networks firewall supports the following VPN deployments:

Site-to-Site VPN - A simple VPN that connects a central site and a remote site, or a hub and spoke VPN that connects a central site with multiple remote sites. The firewall uses the IP Security (IPSec) set of protocols to set up a secure tunnel for the traffic between the two sites.

Remote User-to-Site VPN - A solution that uses the GlobalProtect agent to allow a remote user to establish a secure connection through the firewall. This solution uses SSL and IPSec to establish a secure connection between the user and the site. Refer to the GlobalProtect Administrator’s Guide.

Large Scale VPN - The Palo Alto Networks GlobalProtect Large Scale VPN (LSVPN) provides a simplified mechanism to roll out a scalable hub and spoke VPN with up to 1024 satellite offices. The solution requires Palo Alto Networks firewalls to be deployed at the hub and at every spoke. It uses certificates for device authentication, SSL for securing communication between all components, and IPSec to secure data.

Site-to-Site VPN Overview

A VPN connection that allows you to connect two Local Area Networks (LANs) is called a site-to-site VPN. You can configure route-based VPNs to connect Palo Alto Networks firewalls located at two sites or to connect a Palo Alto Networks firewall with a third-party security device at another location. The firewall can also interoperate with third-party policy-based VPN devices; the Palo Alto Networks firewall supports route-based VPN.

The Palo Alto Networks firewall sets up a route-based VPN, where the firewall makes a routing decision based on the destination IP address. If traffic is routed to a specific destination through a VPN tunnel, then it is handled as VPN traffic. The IP Security (IPSec) set of protocols is used to set up a secure tunnel for the VPN traffic, and the information in the TCP/IP packet is secured (and encrypted if the tunnel type is ESP).
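
The route-based decision described in the Site-to-Site VPN Overview, as an added example that is not from the guide and is not PAN-OS code: a longest-prefix-match lookup decides whether a destination is handled as VPN traffic, and an audit pass lists the parts of a remote network whose best route leaves outside the tunnel. The routing table, the interface names and every function name here are constructed assumptions.

```python
import ipaddress

# Constructed routing table (sample data, not from the guide): (prefix, egress interface).
ROUTES = [
    ("0.0.0.0/0", "ethernet1/1"),    # default route toward the internet
    ("10.1.0.0/16", "ethernet1/2"),  # local LAN
    ("10.2.0.0/16", "tunnel.1"),     # remote site, routed into the VPN tunnel
    ("10.2.9.0/24", "ethernet1/1"),  # more specific route that bypasses the tunnel
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def is_tunnel(interface):
    # Assumption: tunnel interfaces are the ones named "tunnel" or "tunnel.N".
    return interface is not None and interface.split(".")[0] == "tunnel"


def egress(net, table=TABLE):
    """Longest-prefix match: interface of the most specific route covering net."""
    covering = [(r, ifc) for r, ifc in table if net.subnet_of(r)]
    if not covering:
        return None  # no route: traffic is dropped, not forwarded
    return max(covering, key=lambda item: item[0].prefixlen)[1]


def handled_as_vpn(dst, table=TABLE):
    """True when the route chosen for this destination address points into a tunnel."""
    return is_tunnel(egress(ipaddress.ip_network(dst), table))


def cleartext_ranges(protected, table=TABLE):
    """Parts of `protected` whose best route leaves through a non-tunnel interface."""
    net = ipaddress.ip_network(protected)
    inner = [r for r, _ in table if r != net and r.subnet_of(net)]
    if not inner:  # one route decides for the whole block
        ifc = egress(net, table)
        return [] if ifc is None or is_tunnel(ifc) else [str(net)]
    leaks = []
    for half in net.subnets(prefixlen_diff=1):  # split and look closer
        leaks += cleartext_ranges(str(half), table)
    return leaks
```

Because a route-based VPN protects only what the routing table sends into the tunnel, running `cleartext_ranges` over each remote prefix after a routing change shows whether a more specific or missing route has moved traffic out of the tunnel.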