Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints
Focus
Focus
GlobalProtect

Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

Table of Contents

Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

Starting with macOS 10.13, Apple introduced a software change that requires users to approve kernel extensions before they can use them.
While users can manually enable the kernel extension on macOS (
System Preferences
Security & Privacy
and selecting
Allow
for the kernel extension), you can use any Qualified MDM vendor to create a policy and automatically approve the kernel extension. Apple Technical Note TN2450 describes the process.
The following workflow has been tested using Workspace ONE.
  1. Create a kernel extension policy.
    1. Log in to Workspace ONE as an administrator.
    2. Select
      Devices
      Profiles & Resources
      Profiles
      , and then select
      Add
      Add Profile
      from the drop-down.
    3. In the
      Add Profile
      area, click
      Apple macOS
      , and then click the
      Device Profile
      icon.
    4. In the
      General
      area, specify the name for the profile.
      You can also select an existing kernel extension profile (
      Devices
      Profiles & Resources
      Profiles
      ) in the list.
  2. Add a kernel extension and distribute the relevant policy to macOS devices.
    1. Select
      Kernel Extension Policy
      .
    2. Enter the
      Team Identifier
      used by the GlobalProtect app (
      PXPZ95SK77
      ).
    3. Enter the
      Bundle ID
      (
      com.paloaltonetworks.kext.pangpd
      ).
    4. Click
      Save and Publish
      to save your changes.

Recommended For You