So, it's not used to configure load balancing or client redirection for GP? OK, I can see that.
Kurt On Tue, Nov 14, 2017 at 6:22 PM, Don Ely <don....@gmail.com> wrote: > Panorama is only a MGMT tool for the firewalls. It has nothing to do with > traffic mgmt > > On Nov 14, 2017 17:25, "Kurt Buff" <kurt.b...@gmail.com> wrote: >> >> I presume this requires Panorama? We don't have that, I've been >> wanting it for a while, but it's been hard to justify when we have >> only 3 sites, two of which are PA500s. >> >> On Tue, Nov 14, 2017 at 1:49 PM, Don Ely <don....@gmail.com> wrote: >> > Sure it can, DNS RR or some kind of GTM >> > >> > As for cloud, PA does GP in the cloud. Scales up and down as needed... >> > >> > >> > On Tue, Nov 14, 2017 at 1:35 PM Kurt Buff <kurt.b...@gmail.com> wrote: >> >> >> >> Perhaps I missed it, but I didn't see that GP will autoconnect to the >> >> closest/fastest site. >> >> >> >> That doesn't mean GP is out of the running - I like it where I've set >> >> it up, so it's on my list, especially since all of our sites have Palo >> >> Altos already. >> >> >> >> But, from the way the questions were put to me, it sounds like the >> >> requestor is biased toward some sort of "cloud" solution, not tied to >> >> current hardware. >> >> >> >> >> >> Kurt >> >> >> >> On Mon, Nov 13, 2017 at 6:04 PM, Don Ely <don....@gmail.com> wrote: >> >> > Why can't Global Protect achieve all of your needs? Did I miss some >> >> > requirement they can't meet? >> >> > >> >> > On Mon, Nov 13, 2017 at 5:25 PM Kurt Buff <kurt.b...@gmail.com> >> >> > wrote: >> >> >> >> >> >> Arg - that should be "seeking commercial services".. >> >> >> >> >> >> And, once I bring recommendations, it might well be that we just >> >> >> fall >> >> >> back to a DirectAccess server in each office, with our without a >> >> >> multi-site configuration, potentially with an SSP VPN appliance also >> >> >> at each office for backup and contractors, and call it good. >> >> >> >> >> >> Kurt >> >> >> >> >> >> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> >> >> >> wrote: >> >> >> > I'm not sure either, but that's the task I've been given - not >> >> >> > necessarily to implement at this stage, but to scope out the >> >> >> > alternatives and come up with some possibilities. >> >> >> > >> >> >> > It's also why I'm seeing recommendations on commercial services, >> >> >> > so >> >> >> > that our implementation requirements are minimized. >> >> >> > >> >> >> > Kurt >> >> >> > >> >> >> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale >> >> >> > <jcas...@activenetwerx.com> wrote: >> >> >> >> I've done a lot of openvpn setups in a myriad of formats, site to >> >> >> >> site, >> >> >> >> hub and spoke, client etc. >> >> >> >> It works well and there are even some lesser documented features >> >> >> >> that >> >> >> >> do some neat stuff but you are now rolling your solution and >> >> >> >> marinating it >> >> >> >> manually. >> >> >> >> Not sure how well that will scale unless you have a skilled team. >> >> >> >> >> >> >> >>> -----Original Message----- >> >> >> >>> From: listsad...@lists.myitforum.com >> >> >> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> >> >> >>> Sent: Monday, November 13, 2017 5:22 PM >> >> >> >>> To: ntsysadm <NTSysADM@lists.myitforum.com> >> >> >> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking >> >> >> >>> for >> >> >> >>> input >> >> >> >>> >> >> >> >>> All, >> >> >> >>> >> >> >> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as >> >> >> >>> our >> >> >> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo >> >> >> >>> Alto >> >> >> >>> Global Protect) as primary for our overseas offices and >> >> >> >>> secondary >> >> >> >>> for >> >> >> >>> the US (Sonicwall). >> >> >> >>> >> >> >> >>> 2) In the US office, we also have contractors/consultants >> >> >> >>> needing >> >> >> >>> to >> >> >> >>> use our SSL VPN for access to various resources, and that will >> >> >> >>> likely >> >> >> >>> expand to our overseas offices soon. Differentiation and >> >> >> >>> securing >> >> >> >>> resources is even more important here than in 1). >> >> >> >>> >> >> >> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed >> >> >> >>> (lab >> >> >> >>> to lab), for interoperability/compatibility testing. >> >> >> >>> >> >> >> >>> We're looking to get into a solution that will take care of at >> >> >> >>> least >> >> >> >>> the first two (and ideally the third as well), so that we don't >> >> >> >>> have >> >> >> >>> so many platforms to support, and so that we can make sure that >> >> >> >>> staff >> >> >> >>> in the field get the fasted connection available. >> >> >> >>> >> >> >> >>> I've taken a quick gander at the websites for vyprvpn (Golden >> >> >> >>> Frog), >> >> >> >>> and OpenVPN (commercial client offering), but don't have much of >> >> >> >>> an >> >> >> >>> opinion on them, as info about them is a bit thin. >> >> >> >>> >> >> >> >>> Anyone have experience with solutions like this, and care to >> >> >> >>> comment? >> >> >> >>> >> >> >> >>> Thanks, >> >> >> >>> >> >> >> >>> Kurt >> >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> > >> >> >