Focus

GlobalProtect

Enable System Extensions in the GlobalProtect App for macOS Endpoints

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1 (EoL)
User Guide
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.1
Release Notes
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1

Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

Manage the GlobalProtect App Using Other Third-Party MDMs

Enable System Extensions in the GlobalProtect App for macOS Endpoints

You can suppress prompts for network extensions configuration by enabling system extensions.

Starting with macOS 10.15.4, Apple has limited the support of kernel extensions. The GlobalProtect app will use system extensions instead of kernel extensions. Users must approve system extensions before they can use them.

In addition to enabling system extensions, you can enable network extensions in the GlobalProtect app to suppress the Network Extensions Configuration pop-up prompts that are used for the Split Tunnel and Enforce GlobalProtect Connections for Network Access features. You can use a mobile device management system (MDM) such as Jamf Pro to load the network extensions automatically without receiving the pop-up prompts.

For GlobalProtect app 6.0.4 and later or 6.1 releases, you can Enable System and Network Extensions on macOS Endpoints Using Multiple Configuration Profiles.
For GlobalProtect app 6.0.3 or earlier, refer to the knowledge base article at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAW8 for information on how to enable system and network extensions using Jamf Pro.

If you are not using Jamf Pro, use the following steps to configure a profile to approve the system extension automatically using Workspace ONE. While this configuration has been tested with Workspace ONE, you can use any Qualified MDM vendor to create and implement this profile.

When you are using system extensions and need to switch to kernel extensions, see Deploy App Settings in the macOS Plist for details.

Create a system extension profile.
1. Log in to Workspace ONE UEM as an administrator.
2. Select DevicesProfiles & ResourcesProfiles, and then select AddAdd Profile from the drop-down.
3. In the Add Profile area, click Apple macOS, and then click the Device Profile icon.
4. In the General area, specify the name for the profile.
  You can also select an existing system extension profile (DevicesProfiles & ResourcesProfiles) in the list.
Add a system extension.
1. Select System Extensions.
2. Enter the Team Identifier used by the GlobalProtect app (PXPZ95SK77).
3. Enter the Bundle Identifier (com.paloaltonetworks.GlobalProtect.client.extension)
4. Click Save and Publish to save your changes.

Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

Manage the GlobalProtect App Using Other Third-Party MDMs

GlobalProtect Docs

Enable System Extensions in the GlobalProtect App for macOS Endpoints

GlobalProtect Docs

Enable System Extensions in the GlobalProtect App for macOS Endpoints

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner