GlobalProtect Administrator's Guide
  • GlobalProtect Administrator's Guide
  • GlobalProtect Documentation
  • All Documentation
>
Enable and Verify FIPS-CC Mode on macOS Endpoints
Focus
Download PDF
Focus
  1. Home
  2. GlobalProtect
  3. GlobalProtect FIPS-CC Certification
  4. Enable and Verify FIPS-CC Mode
  5. Enable and Verify FIPS-CC Mode on macOS Endpoints
Download PDF
GlobalProtect

Enable and Verify FIPS-CC Mode on macOS Endpoints

Table of Contents

Enable and Verify FIPS-CC Mode on macOS Endpoints

Enable and verify FIPS-CC mode for GlobalProtect using the macOS property list.
On macOS endpoints, use the following steps to enable and verify FIPS-CC mode for GlobalProtect™ using the macOS plist (property list):
To enable FIPS-CC mode for GlobalProtect, your must first enable FIPS-CC mode for macOS operating system. By default, FIPS mode for the macOS operating system is automatically enabled on endpoints running macOS 10.8 and later releases.
  1. Open the GlobalProtect plist file and locate the GlobalProtect customization settings.
    1. Launch a plist editor, such as Xcode.
    2. In the plist editor, open the following plist file: /Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist.
    3. Locate the GlobalProtect Settings dictionary: /Palo Alto Networks/GlobalProtect/Settings.
      If the Settings dictionary does not exist, create it. You can add each key to the Settings dictionary as a string.
  2. Enable FIPS-CC mode for GlobalProtect.
    You cannot disable FIPS-CC after you enable it. To run GlobalProtect in non-FIPS-CC mode, end users must uninstall and then reinstall the GlobalProtect app. This clears all FIPS-CC mode settings from the macOS plist.
    In the Settings dictionary, add the following key-value pair to enable FIPS-CC mode:
    <key>enable-fips-cc-mode</key>
    <string>yes</string>
  3. Restart GlobalProtect.
    To enable the GlobalProtect app to initialize in FIPS-CC mode, you must restart GlobalProtect using one of the following methods:
    • Reboot your endpoint.
    • Restart the GlobalProtect application and GlobalProtect service (PanGPS):
      1. Launch the Finder.
      2. Open the Applications folder:
        • From the Finder sidebar, select Applications.
        • If you do not see Applications in the Finder sidebar, select GoApplications from the Finder menu bar.
          To display Applications in the Finder sidebar, select FinderPreferences from the Finder menu bar. From the Finder Preferences, select Sidebar and then enable the option to display Applications.
      3. Open the Utilities folder.
      4. Launch Terminal.
      5. Execute the following commands:
        username>$ launchctl unload -S Aqua
/Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist     
username>$ launchctl unload -S Aqua
/Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
username>$ launchctl load -S Aqua 
/Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
username>$ launchctl load -S Aqua
/Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
        Code copied to clipboard
         
        Unable to copy due to lack of browser support.
  4. Verify that FIPS-CC mode is enabled on the GlobalProtect app.
    1. Launch the GlobalProtect app.
    2. From the status panel, open the settings dialog (
      ).
    3. Select About.
    4. Verify that FIPS-CC mode is enabled. If FIPS-CC mode is enabled, the About dialog displays the FIPS-CC Mode Enabled status.
  5. View the logs to view the GlobalProtect app logs related to FIPS-CC mode on endpoints running macOS.
  6. View, collect, and send the logs to administrator to troubleshoot and resolve the issues related to FIPS-CC mode on devices running macOS.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.

xThanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.