Sure it can, DNS RR or some kind of GTM As for cloud, PA does GP in the cloud. Scales up and down as needed...
On Tue, Nov 14, 2017 at 1:35 PM Kurt Buff <kurt.b...@gmail.com> wrote: > Perhaps I missed it, but I didn't see that GP will autoconnect to the > closest/fastest site. > > That doesn't mean GP is out of the running - I like it where I've set > it up, so it's on my list, especially since all of our sites have Palo > Altos already. > > But, from the way the questions were put to me, it sounds like the > requestor is biased toward some sort of "cloud" solution, not tied to > current hardware. > > > Kurt > > On Mon, Nov 13, 2017 at 6:04 PM, Don Ely <don....@gmail.com> wrote: > > Why can't Global Protect achieve all of your needs? Did I miss some > > requirement they can't meet? > > > > On Mon, Nov 13, 2017 at 5:25 PM Kurt Buff <kurt.b...@gmail.com> wrote: > >> > >> Arg - that should be "seeking commercial services".. > >> > >> And, once I bring recommendations, it might well be that we just fall > >> back to a DirectAccess server in each office, with our without a > >> multi-site configuration, potentially with an SSP VPN appliance also > >> at each office for backup and contractors, and call it good. > >> > >> Kurt > >> > >> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > >> > I'm not sure either, but that's the task I've been given - not > >> > necessarily to implement at this stage, but to scope out the > >> > alternatives and come up with some possibilities. > >> > > >> > It's also why I'm seeing recommendations on commercial services, so > >> > that our implementation requirements are minimized. > >> > > >> > Kurt > >> > > >> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale > >> > <jcas...@activenetwerx.com> wrote: > >> >> I've done a lot of openvpn setups in a myriad of formats, site to > site, > >> >> hub and spoke, client etc. > >> >> It works well and there are even some lesser documented features that > >> >> do some neat stuff but you are now rolling your solution and > marinating it > >> >> manually. > >> >> Not sure how well that will scale unless you have a skilled team. > >> >> > >> >>> -----Original Message----- > >> >>> From: listsad...@lists.myitforum.com > >> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff > >> >>> Sent: Monday, November 13, 2017 5:22 PM > >> >>> To: ntsysadm <NTSysADM@lists.myitforum.com> > >> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for > >> >>> input > >> >>> > >> >>> All, > >> >>> > >> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our > >> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto > >> >>> Global Protect) as primary for our overseas offices and secondary > for > >> >>> the US (Sonicwall). > >> >>> > >> >>> 2) In the US office, we also have contractors/consultants needing to > >> >>> use our SSL VPN for access to various resources, and that will > likely > >> >>> expand to our overseas offices soon. Differentiation and securing > >> >>> resources is even more important here than in 1). > >> >>> > >> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed > (lab > >> >>> to lab), for interoperability/compatibility testing. > >> >>> > >> >>> We're looking to get into a solution that will take care of at least > >> >>> the first two (and ideally the third as well), so that we don't have > >> >>> so many platforms to support, and so that we can make sure that > staff > >> >>> in the field get the fasted connection available. > >> >>> > >> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog), > >> >>> and OpenVPN (commercial client offering), but don't have much of an > >> >>> opinion on them, as info about them is a bit thin. > >> >>> > >> >>> Anyone have experience with solutions like this, and care to > comment? > >> >>> > >> >>> Thanks, > >> >>> > >> >>> Kurt > >> >>> > >> >> > >> > >> > > > > >
