Compatibility Matrix
What Features Does GlobalProtect Support?
Table of Contents
What Features Does GlobalProtect Support?
Review the features that GlobalProtect™ supports based on the platform operating system
(OS).
The following table lists the features supported on
GlobalProtect™ by operating system (OS). An entry in the table indicates
the first supported release of the feature on the OS (however, you
should review the End-of-Life Summary to
ensure you are using a supported release). A dash (“—”) indicates
that the feature is not supported. For recommended minimum GlobalProtect
app versions, see Where Can I Install the GlobalProtect App?.
For Chromebook and other Chrome OS devices, use Android App 5.0 or a later version to get
GlobalProtect app features introduced in GlobalProtect app 5.0 and later releases.
(Refer also to the end-of-life (EoL) information for the
GlobalProtect app.)
Feature
|
Android
|
iOS
|
Chrome
|
Windows
|
Windows 10 UWP
|
Windows 365 Cloud PC
|
macOS
|
Linux
|
---|---|---|---|---|---|---|---|---|
Authentication
| ||||||||
SAML Authentication |
4.0.0
|
4.0.0 (On-Demand
connect method only)
| 4.1.0 |
4.0.0
|
—
| 6.2.5 |
4.0.0
|
5.1
(GUI-based GlobalProtect app)
|
SAML Authentication with Cloud
Authentication Service Note: Requires use of Default
System Browser |
6.0.0
|
6.0.0
(On Demand
connect method only)
|
6.0.0
|
6.0.0
|
—
| 6.2.5 |
6.0.0
|
6.0.0
|
Expired Active Directory Password Change for Remote Users |
4.1.0
|
4.1.0
(notifications only)
5.0.0
(full support)
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
—
|
Mixed Authentication Method Support or Certificates or User Credentials |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
Single Sign-On (SSO)
| ||||||||
SSO (Credential Provider)
|
—
|
—
|
—
|
1.2.0
|
—
|
—
|
—
|
—
|
SAML SSO
|
5.1.0
|
5.2.0
|
5.1.0
|
5.2.0
|
—
| 6.2.5 |
5.2.0
|
5.2.0
|
VPN Connections
| ||||||||
IPSec
|
1.3.0
|
1.3.0
|
3.1.1
|
1.0.0
| — | 6.2.5 |
1.0.0
|
4.1.0
|
SSL
|
1.3.0
|
1.3.0
|
3.1.1
|
1.0.0
|
3.1.3
| 6.2.5 |
1.0.0
|
4.1.0
|
Clientless VPN |
— (no client required)
|
— (no client required)
|
— (no client required)
|
— (no client required)
|
— (no client required)
|
—
|
— (no client required)
|
— (no client required)
|
Connect Methods
| ||||||||
1.3.0
|
1.3.0
| 5.0.0 (through extended support for the
GlobalProtect app for Android) |
1.0.0
|
3.1.3
(Always On configured from third-party MDM)
| 6.2.5 |
1.0.0
|
4.1.0
| |
Connection Priority
| ||||||||
Internal Gateway Selection by Source IP Address |
4.0.0
(Except DHCP options)
|
4.0.0
(Except DHCP options)
|
—
|
4.0.0
|
—
|
—
|
4.0.0
|
4.1.0
|
Modes
| ||||||||
Internal mode
|
1.3.0
|
1.3.0
|
—
|
1.0.0
|
—
|
—
|
1.0.0
|
4.1
|
External mode
|
1.3.0
|
1.3.0
|
3.1.1
|
1.0.0
|
3.1.3
|
—
|
1.0.0
|
4.1
|
Networking
| ||||||||
IPv4 Addressing
|
1.3.0
|
1.3.0
|
3.1.1
|
1.0.0
|
3.1.3
| 6.2.5 |
1.0.0
|
4.1
|
Optimized Split Tunneling for GlobalProtect |
—
|
—
|
—
|
4.1.0
|
—
|
—
|
4.1.0
|
6.1.0
Domain-based split tunneling only; application-based split tunneling
not supported
|
Per-App VPN |
4.0.0
|
4.0.0
|
—
| |||||
Customization
| ||||||||
Configurable Maximum Transmission Unit for GlobalProtect Connections |
5.2.4
|
5.2.4
|
5.2.4
|
5.2.4
|
5.2.4
|
—
|
5.2.4
|
5.2.4
|
Endpoint Tunnel Configurations Based on Source Region or IP Address |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
Portal Configuration Assignment and HIP-Based Access Control Using New Endpoint Attributes |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
DNS Configuration Assignment Based on Users or User Groups |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
Tunnel Restoration and Authentication Cookie Usage Restrictions |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
—
|
—
|
—
|
FIPS Validated on 5.1.4
CC Certified on 5.1.5
x86 platforms
FIPS-CC available on 6.0.7
|
—
|
—
|
FIPS Validated on 5.1.4
CC Certified on 5.1.5
x86 platforms
FIPS-CC available on 6.0.7
|
6.0.7
| |
Pre-logon tunnel rename timeout
|
—
|
—
|
—
|
4.0.2
|
—
|
—
|
—
|
—
|
Enforce GlobalProtect for Network Access |
—
|
—
|
—
|
3.1.0
|
3.1.3
(VPN Lockdown configured from third-party MDM)
|
6.2.5
|
3.1.0
|
—
|
Deployment of SSL Forward Proxy CA certificates in the trust
store
|
—
|
—
|
—
|
3.0.0
|
—
| 6.2.5 |
3.0.0
|
—
|
HIP reports
|
1.3.0
|
1.3.0
|
3.0.0
|
1.0.0
|
3.1.3
(Host information only; Notifications not supported)
| 6.2.5 |
1.0.0
|
4.1.0
(Host information only)
|
Run scripts before and after sessions
|
—
|
—
|
—
|
2.3.0
|
—
|
—
|
2.3.0
|
—
|
Allow users to disable GlobalProtect
|
6.0
|
—
|
—
|
2.2.0
|
—
|
—
|
2.2.0
|
4.1.0
|
Welcome and help pages
|
1.3.0
|
1.3.0
|
3.0.0
|
1.0.0
|
—
|
—
|
1.0.0
|
—
|
Extend User Session for GlobalProtect Users
|
—
|
—
|
—
|
6.2.0
|
6.2.0
|
—
|
6.2.0
|
—
|
Other
| ||||||||
GlobalProtect Portal and Gateway Support for TLSv1.3 |
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
(Minimum version of Windows 11 required)
|
6.0.8, 6.1.3,6.2.1, or later versions
|
—
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
(Ubuntu 20)
|
User Location Visibility on GlobalProtect Gateways and Portals |
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
4.1.0
|
—
|
4.1.0
|
4.1.0
|
Automatic VPN Reconnect for Chromebooks
|
—
|
—
|
4.1.0
|
—
|
—
|
—
|
—
|
—
|
Support for Native Certificate Store for Prisma Access and GloabProtect App on Linux Endpoints |
—
|
—
|
—
|
—
|
—
|
—
|
—
|
6.2.0 or later versions
|
Enhancements for Authentication Using Smart Cards |
—
|
—
|
—
|
6.3.0 or later versions
|
—
|
—
|
6.3.1 or later versions
|
—
|
Enhancements for Authentication Using Smart Cards-Removal of Multiple PIN Prompts |
—
|
—
|
—
|
6.3.0 or later versions
|
—
|
—
|
6.3.0 or later versions
|
—
|
CLI Support for SAML Authentication with Default Browser for GlobalProtect App on Linux Endpoints |
—
|
—
|
—
|
—
|
—
|
—
|
—
|
6.2.1 or later versions
|
(Deprecates Device Block List)
|
5.1.0
|
5.1.0
|
5.1.0
|
5.1.0
|
5.1.0
|
—
|
5.1.0
|
5.1.0
|