Before connecting to the GlobalProtect network,
you must download and install the GlobalProtect app on your macOS endpoint.
To ensure that you get the right app for your organization’s GlobalProtect
or Prisma Access deployment, you must download the app directly
from a GlobalProtect portal within your organization. For this reason,
there is no direct GP app download link available on the Palo Alto Networks
site.
To download and install the GlobalProtect app, you
must obtain the IP address or FQDN of the GlobalProtect portal from
your administrator. In addition, your administrator should verify
which username and password you can use to connect to the portal
and gateways. This is typically the same username and password that
you use to connect to your corporate network.
When you install
the GlobalProtect app for the first time on a macOS device running
macOS Catalina 10.15.4, macOS Big Sur 11, or later or upgrade to
GlobalProtect app 5.1.4, you must enable the
system extensions that
are used for specific GlobalProtect features. If your administrator
has configured split tunnel on the
GlobalProtect gateway based
on the destination domain name and application process name or enforced
GlobalProtect connections for network access on the GlobalProtect
portal (see
GlobalProtect App Customization), the
System
Extension Blocked notification message displays on the GlobalProtect
app during the installation. The message prompts users to enable
and allow the system extensions in macOS that are blocked from loading
to use the split tunnel and Enforce GlobalProtect for Network Access
features.
Follow these guidelines when you use system
extensions:
Only users with administrator privileges
can enable the system extensions on the GlobalProtect app for macOS endpoints.
Due to the security enhancement on macOS Catalina 10.15 and
macOS Big Sur 11 to ensure that your data is protected while using third-party
applications, GlobalProtect must request your permission before
attempting access to files and folders stored in your Documents, Desktop,
and Downloads folders and network drives. If your administrator
has enabled HIP checks, new permission pop-ups appear on your macOS
endpoint when GlobalProtect requests access to certain files and
folder stored in your file system.
The GlobalProtect app 5.1.4 running on macOS Catalina 10.15.4,
macOS Big Sur 11, or later does not use kernel extensions and will
use system extensions.
The GlobalProtect app 5.1.4 running on macOS Catalina 10.15.4,
macOS Big Sur 11, or later will not use the kernel extensions (
com.paloaltonetworks.kext.pangpd)
and instead will use any of the available
utun interfaces provided
by macOS as the virtual adapter.
If you are upgrading from an earlier release to the GlobalProtect
app 5.1.4 running on macOS Catalina 10.15.4, macOS Big Sur 11, or
later, kernel extensions are no longer needed. After the upgrade,
the System Extension Blocked notification message displays on
the GlobalProtect app, prompting users to enable and allow the system
extensions in macOS that was blocked from loading. By default, the
app will not install system extensions and the same default settings
are applied.
After you gather the required
information, use the following steps to download and install the
app: