What Features Does GlobalProtect Support?
Table of Contents
Expand all | Collapse all
-
- Cloud Identity Engine Cipher Suites
-
- PAN-OS 11.0 GlobalProtect Cipher Suites
- PAN-OS 11.0 IPSec Cipher Suites
- PAN-OS 11.0 IKE and Web Certificate Cipher Suites
- PAN-OS 11.0 Decryption Cipher Suites
- PAN-OS 11.0 Administrative Session Cipher Suites
- PAN-OS 11.0 HA1 SSH Cipher Suites
- PAN-OS 11.0 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.2 GlobalProtect Cipher Suites
- PAN-OS 10.2 IPSec Cipher Suites
- PAN-OS 10.2 IKE and Web Certificate Cipher Suites
- PAN-OS 10.2 Decryption Cipher Suites
- PAN-OS 10.2 Administrative Session Cipher Suites
- PAN-OS 10.2 HA1 SSH Cipher Suites
- PAN-OS 10.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.1 GlobalProtect Cipher Suites
- PAN-OS 10.1 IPSec Cipher Suites
- PAN-OS 10.1 IKE and Web Certificate Cipher Suites
- PAN-OS 10.1 Decryption Cipher Suites
- PAN-OS 10.1 Administrative Session Cipher Suites
- PAN-OS 10.1 HA1 SSH Cipher Suites
- PAN-OS 10.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 9.1 GlobalProtect Cipher Suites
- PAN-OS 9.1 IPSec Cipher Suites
- PAN-OS 9.1 IKE and Web Certificate Cipher Suites
- PAN-OS 9.1 Decryption Cipher Suites
- PAN-OS 9.1 Administrative Session Cipher Suites
- PAN-OS 9.1 HA1 SSH Cipher Suites
- PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 8.1 GlobalProtect Cipher Suites
- PAN-OS 8.1 IPSec Cipher Suites
- PAN-OS 8.1 IKE and Web Certificate Cipher Suites
- PAN-OS 8.1 Decryption Cipher Suites
- PAN-OS 8.1 Administrative Session Cipher Suites
- PAN-OS 8.1 HA1 SSH Cipher Suites
- PAN-OS 8.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 8.1 Cipher Suites Supported in FIPS-CC Mode
What Features Does GlobalProtect Support?
Review the features that GlobalProtect™ supports depending
on operating system (OS).
The following table lists the features supported on
GlobalProtect™ by operating system (OS). An entry in the table indicates
the first supported release of the feature on the OS (however, you
should review the End-of-Life Summary to
ensure you are using a supported release). A dash (“—”) indicates
that the feature is not supported. For recommended minimum GlobalProtect
app versions, see Where Can I Install the GlobalProtect App?.
For Chromebook and other Chrome OS devices, use Android
App 5.0 or later version to get GlobalProtect app features introduced
in GlobalProtect app 5.0 and later releases. (Refer also to the end-of-life (EoL) information
for the GlobalProtect app.)
Feature | Android | iOS | Chrome | Windows | Windows 10 UWP | macOS | Linux |
|---|---|---|---|---|---|---|---|
Authentication | |||||||
4.0.0 | 4.0.0 ( On-Demand connect method only ) | 4.0.0 | — | 4.0.0 | 5.1 ( GUI-based GlobalProtect app ) | ||
SAML Authentication with Cloud
Authentication Service Note: Requires use of Default System Browser | 6.0.0 | 6.0.0 ( On Demand connect method only ) | 6.0.0 | 6.0.0 | — | 6.0.0 | 6.0.0 |
4.1.0 | 4.1.0 ( notifications only )5.0.0 ( full support ) | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | — | |
4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | |
Single Sign-On (SSO) | |||||||
SSO (Credential Provider) | — | — | — | 1.2.0 | — | — | — |
SAML SSO | 5.1.0 | 5.2.0 | 5.1.0 | 5.2.0 | — | 5.2.0 | 5.2.0 |
VPN Connections | |||||||
IPSec | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | — | 1.0.0 | 4.1.0 |
SSL | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1.0 |
— (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) | |
Connect Methods | |||||||
1.3.0 | 1.3.0 | 5.0.0 ( through extended support for the GlobalProtect app for
Android ) | 1.0.0 | 3.1.3 ( Always On configured from third-party MDM ) | 1.0.0 | 4.1.0 | |
Connection Priority | |||||||
4.0.0 ( Except DHCP options ) | 4.0.0 ( Except DHCP options ) | — | 4.0.0 | — | 4.0.0 | 4.1.0 | |
Modes | |||||||
Internal mode | 1.3.0 | 1.3.0 | — | 1.0.0 | — | 1.0.0 | 4.1 |
External mode | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1 |
Networking | |||||||
IPv4 Addressing | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1 |
IPv6 Addressing | 4.0.0 | 4.0.0 | 4.0.0 | 4.0.0 | 4.0.0 | 4.0.0 | 4.1 |
— | — | — | 4.1.0 | — | 4.1.0 | 6.1.0 Domain-based split tunneling
only; application-based split tunneling not supported | |
Per-App VPN | 4.0.0 | 4.0.0 | |||||
Customization | |||||||
5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | |
4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | |
4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | |
— | — | — | — | 6.0.7 | |||
Pre-logon tunnel rename timeout | — | — | — | 4.0.2 | — | — | — |
— | — | — | 3.1.0 | 3.1.3 ( VPN Lockdown configured from third-party MDM ) | 3.1.0 | — | |
Deployment of SSL Forward Proxy CA certificates in
the trust store | — | — | — | 3.0.0 | — | 3.0.0 | — |
HIP reports | 1.3.0 | 1.3.0 | 3.0.0 | 1.0.0 | 3.1.3 ( Host information only; Notifications
not supported ) | 1.0.0 | 4.1.0 ( Host information only ) |
Run scripts before and after sessions | — | — | — | 2.3.0 | — | 2.3.0 | — |
Allow users to disable GlobalProtect | — | — | — | 2.2.0 | — | 2.2.0 | 4.1.0 |
Welcome and help pages | 1.3.0 | 1.3.0 | 3.0.0 | 1.0.0 | — | 1.0.0 | — |
Other | |||||||
Automatic VPN Reconnect for Chromebooks | — | — | 4.1.0 | — | — | — | — |
(Deprecates Device Block List) | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 |