-
Jan-Michael Brummer authored
Starting from version 8.0, PAN GlobalProtect portal servers are able to send a priority rule list for each gateway. Per https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSsCAK, the gateways can be prioritized by geographic region. The gateways should then be presented to the user in order of geographic priority, rather than just in their order of appearance in policy/gateways/external/list (from the portal config XML). How does the client know which geographic region it is in? 1. The client itself may have some way to figure out which region it is connecting from (e.g. geolocation, not implemented yet for OpenConnect). 2. The client may have an option to explicitly specifiy the desired region (not implemented yet in OpenConnect). 3. The *server* tells the client which region it thinks the client is connecting from, in the portal *prelogin* response, and the client follows that (implemented here). Fixes: https://gitlab....
e39b2cc4