I am building this to place all the resources in one place that you’ll need to build out PA AnyConnect in your PA Firewall.
First, kudos to PaloAlto, you ca do GlobalProtect VPN without a license as long as you do not want the host intrusion (HIP).
These links provide the basics, I’ll add in any missing parts / fill in the blanks below.
First caveat I am running into with this, is attempting to configure Global Protect on VM Series Firewall in AWS. I am thinking because all the interfaces are DHCP, that I may have to do some funkiness like terminating Global Protect on loopback and creating a NAT policy.
An example I am trying is here