GlobalProtect Review & Alternatives

GlobalProtect Review and Alternatives

Diego Asturias

GlobalProtect (now Prisma Access) is an advanced Zero Trust Network Access (ZTNA) platform designed to secure remote access for the new hybrid (remote and on-premises) workforce. This remote access solution is more than a simple Virtual Private Network (VPN).

In this post, we will review Palo Alto’s GlobalProtect remote access solution. We will provide full details of the remote access solution, along with features, pros, and cons. In the last section, we will provide a list of GlobalProtect alternatives to help you compare and choose a tool with similar capabilities.

What Is GlobalProtect?

Palo Alto’s GlobalProtect (now Prisma Access) is a secure “least-privilege” or “zero-trust” remote access cloud service solution. It is designed to grant secure access to hybrid employees working from home, on the go, or the premises, to headquarters. The solution relies on trusted and consistent protection from Palo Alto Networks Prisma Access and Next-Gen Firewalls.

Although GlobalProtect was originally designed to provide Remote Access (RA) Virtual Private Network (VPN) capabilities, it is now far from a VPN. GlobalProtect (now with Prisma Access) has evolved to provide more sophisticated remote access capabilities than the traditional VPN and the ZTNA (Zero Trust Network Access) can. 

GlobalProtect

GlobalProtect (Prisma Access) is part of Palo Alto’s SASE (Secure Access Service Edge) and SSE (Secure Service Edge) solution. GlobalProtect provides what Palo Alto refers to as ZTNA 2.0— a security solution that ensures secure remote access using fine-grained, least-privileged access with ongoing trust verification, along with the deep inspection.

Product Details

  • Who can use GlobalProtect? Small to medium and large enterprises can typically leverage GlobalProtect for a secure remote working experience.
  • Support? The solution supports multiple platforms, including web, Android, and iOS, with 24/7 live support.
  • Any awards? Forrester New Wave is named Palo Alto's “Leader in ZTNA solutions.” Palo Alto Networks was named Leader in Gartner’s Magic Quadrant for Network Firewalls for the 10th consecutive time, as of 2021.
  • Test Drive? Schedule a live demo to see how the product (SASE and SSE Prisma Access) works in action.

GlobalProtect Features

As mentioned before, GlobalProtect is more than just a VPN. Although it was initially developed as a VPN at its core, the entire functionality and capability of GlobalProtect changed when it was combined with Prisma Access (SSE and SASE) and Palo Alto’s next-gen firewalling. Below is a small list containing all these new features.

  • Internet gateways for traffic inspection. GlobalProtect uses Palo Alto’s next-generation firewalls as Internet gateways. The solution is capable of inspecting the traffic on the network perimeter, on a DMZ (Demilitarized Zone), or in the cloud.
  • Establish a secure connection to internal and cloud-based apps. Endpoints using the GlobalProtect app can connect and access a company’s data anywhere. The solution can automatically establish a secure IPsec/SSL VPN connection to the cloud-native SSE platform (Prisma Access) or Palo Alto’s next-gen firewall using an optimal internet gateway.
  • Robust Zero Trust application. Companies can use the Zero Trust security framework that requires all users (internally or externally) to be authenticated, authorized, and continuously validated. GlobalProtect delivers reliable user identification. It can also use multifactor and identity-based authentication models to grant network access.
  • URL filtering. The GlobalProtect security solution can inspect all web traffic and compare it against a predefined set of URL filters. URL filtering can help stop users from accessing denied (risky, malicious, or adult content) URLs. Admins can enforce Acceptable Use Policies (AUPs) to filter URLs.
  • Improve visibility and streamline troubleshooting. GlobalProtect improves your hybrid workforce security by preventing blind spots and providing complete visibility across applications and ports. GlobalProtect provides an Application Command Center, along with widgets, reports, and logs. For instance, the GlobalProtect logging utility helps admins identify events in the connection process.
  • Advanced Threat Prevention (ATP). GlobalProtect provides different ways to stop threats. First, since it encrypts traffic with SSL/TLS/SSH, it automatically stops threats that may come in the traffic and reach the endpoint. GlobalProtect protects against “social engineering” threats like phishing and credential theft. Admins can enforce security policies to prevent and stop threats.
  • Implement Bring Your Own Devices (BYOD) policies. GlobalProtect supports app-level clientless VPN to allow access to apps from unmanaged devices. Admins can enable customized and automated authentication for unmanaged devices. Integrate GlobalProtect with mobile device management services like AirWatch and MobileIron to maintain visibility, security, and privacy in your BYOD implementations.

GlobalProtect

GlobalProtect Review

The GlobalProtect secure remote access solution provides you with various exciting features and benefits, but it also has some downsides that you should be aware of.

Pros:

  • Monitor user activity at the URL level. Monitor and block certain URLs to prevent unwanted user activity. Depending on the activity, the admin can place a device in auto quarantine until the activity is cleared.
  • Limit user activity based on device type. Limit user activity through device-based usage policies.
  • Robust authentication. Implement SSO (Single Sign-on) via Kerberos or SSO for macOS. The solution also supports multi-factor authentication (MFA) from third parties like Google, Microsoft Authenticator, or DUO.
  • Fast and scalable. GlobalProtect uses an architecture designed for scalability and to handle heavy traffic. You can use it at the company level to ensure a smooth work-from-home experience. After connecting to a secure network through GlobalProtect, the system performance and speed remain optimal.
  • Use external and internal gateways. With GlobalProtect, you can deploy multiple external or internal gateways and use different selection methods.

Cons:

  • GlobalProtect uses Palo Alto’s hardware-based firewall solution. Building a remote access solution can be challenging for some users, as they’ll need to deploy a firewall appliance with the GlobalProtect subscription. This approach makes scaling a bit problematic.
  • Setting up the GlobalProtect for the first time can be challenging. GlobalProtect uses a multi-step configuration process that seems to confuse many users (especially beginners). The learning curve can be steep.
  • No auto-connect is available. If the remote access connection disconnects, the user must manually log in again. The solution has no auto-connect, so you must manually reconnect every time your system reboots.
  • Annoying disconnects. GlobalProtect VPN is also notoriously known for its disconnects and logouts. The solution does not uphold a session when the connection disrupts, nor does it restart on its own. In this case, manual logging is required, which is time-consuming and sometimes annoying.
  • Inflexible policy controls over remote devices. GlobalProtect is not flexible enough to implement policy controls over remote devices. If your enterprise requires 100% visibility in the hybrid workforce, you might need to look elsewhere.

GlobalProtect Customer Service

Palo Alto is known for having good customer service. You can try several methods to contact them, such as via email, chat, phone number, customer support portal, or through their live community. 

GlobalProtect

  • Chat Chat support is the easiest way to contact Palo Alto’s customer care representatives. The chat box can be accessed through the bottom right corner of their homepage.
  • Email You can request customer support from Palo Alto by filling out the form on its Contact Us page. Their team will get in touch with you afterward. For security consulting and incident response, you can either fill out the above form or email Palo Alto at unit42-investigations@paloaltonetworks.com.
  • By Phone You can call Palo Alto directly for security consulting and incident response. GlobalProtect/ Palo Alto has specific numbers in each country for technical support. For a list with all the phone numbers, access the official list here
  • Customer Support Portal You can use Palo Alto’s Customer Support Portal to solve technical queries related to GlobalProtect. Get a support account to create cases and get opinions from the live community of IT professionals. You can also access technical documentation and other resources.

How To Start With GlobalProtect? 

If you plan to use GlobalProtect to set up secure remote access or VPN, you can do so without any GlobalProtect license. But if you want to use the solution with more advanced features, you need to buy a GlobalProtect subscription (GlobalProtect Gateway license). These gateways enabled with the license will allow you to perform Host Intrusion Prevention (HIP) checks, split tunnel traffic, provide IPv6 connections, and more.

GlobalProtect licenses come with (annual-based) one, three, and five-year subscriptions. They offer custom pricing depending on the subscription period, device, and features (contact them to get a quote). You can purchase licenses from a Palo Alto Networks sales representative or an authorized reseller.

  • Free Trial? There is no GlobalProtect free trial (since it needs an appliance), but you can try Prisma Cloud for a limited time and protect your cloud-native applications and environments.
  • Demo? Request and schedule a demo of the Prisma Access or a next-gen firewall.

GlobalProtect Alternatives

Below are some of the best GlobalProtect Alternatives. These alternatives are all secure remote access solutions with different capabilities and functionalities compared to GlobalProtect. Some of the most sophisticated solutions we cover in the following list offer the full SASE and SSE platforms. 

1. Zscaler Cloud Protection

Zscaler Cloud Protection

Zscaler Cloud Protection is a security product made in the cloud (cloud-native) and for the cloud. It is based on the Zscaler Zero Trust Exchange (ZTE) and is designed to protect your cloud workloads and data (with the least privilege approach). The solution offers secure communication from workload to the internet, workload to workload, and workload to data centers. It helps prevent misconfiguration of cloud environments while reducing the lateral-moving threats. Request a Zscaler product demo.

2. CrowdStrike Zero Trust

CrowdStrike Zero Trust

CrowdStrike Zero Trust is a cloud-native (least-privilege) unified and threat-centric data fabric solution designed to protect identities, workloads, and endpoints against security breaches. The zero trust approach helps protect hybrid enterprise environments with real-time detection and prevention of malicious attacks. CrowdStrike Zero Trust cuts down costs by keeping the system easy to use, highly functional, and maintaining a great user experience.

3. Forcepoint ONE

Forcepoint ONE

Forcepoint ONE is an all-in-one cloud-native security solution that works for small to large enterprises. Forcepoint ONE provides an SSE (Secure Service Edge) platform that can scale its capabilities up and down whenever demand requires. The solution integrates all SSE-base technologies into a single unified cloud-based platform; these include CASB, SWG, ZTNA, RBI, DLP, and CDR. To start with Forcepoint ONE, get a free customized demo.

4. Cloudflare Zero Trust

Cloudflare Zero Trust

The Cloudflare Zero Trust Platform, backed up by one of the largest global networks (Cloudflare), provides one of the fastest and most reliable Zero Trust Network Access (ZTNA) for on-premises and remote users. Cloudflare Zero Trust enhances the protection of data, devices, and users by preventing malware attacks, data loss, or phishing. The platform provides a simple user interface with easy setup and configuration. Sign up for a free Cloudflare Zero Trust Enterprise trial.

5. Barracuda CloudGen Firewalls

Barracuda CloudGen Firewalls

Barracuda CloudGen Firewalls is a robust security platform that protects hybrid and cloud networks. The solution comes with a cloud-hosted Advanced Threat Protection (ATP) that helps protect your organization against unknown threats, malware, and viruses. It provides zero-day protection. Security teams can deploy Barracuda CloudGen Firewall on the premises or through popular public cloud providers like Microsoft Azure, Google Cloud Platform, and AWS.

6. Perimeter 81

Perimeter 81

Perimeter 81 is a cloud-native security solutions provider and leader in ZTNA and SASE. Perimeter 81 is an excellent alternative to GlobalProtect because it also provides secure remote access for employees working outside the office. Additionally, Perimeter 81 offers FaaS (Firewall as a Service), Secure Web Gateway, and Software-Defined Perimeter solutions. Perimeter 81 does not offer a free trial but provides a 30-day money-back guarantee in all of its plans.

Final Thoughts

GlobalProtect was built as a VPN solution but now has evolved into Prisma Access — a “zero trust-based” secure remote access platform that belongs to the SASE solution. GlobalProtect also relies on the protection of well-known Palo Alto’s Next-gen firewalls.

The solution allows remote and on-premises users to securely connect to resources on their corporate network or the cloud. 

If you want more than what GlobalProtect offers, you can try any of the GlobalProtect alternatives listed in this article. The best alternatives to GlobalProtect can also provide secure remote access to a hybrid (cloud and on-premises) workforce; the best examples are Zscaler Cloud Protection, Crowdstrike Zero Trust, and Forcepoint ONE.