Enable System and Network Extensions on macOS Endpoints Using Multiple Configuration
Profiles
Enable system and network extensions for features such as split tunneling, enforcing
GlobalProtect connections for network access without requiring kernel extensions, or split
DNS.
| Where Can I Use This? | What Do I Need? |
|---|
- NGFW (managed by Panorama or Strata Cloud Manager)
- Prisma Access (managed by Panorama or Strata Cloud Manager)
|
- GlobalProtect Gateway license or Prisma Access license with the
Mobile User subscription
- GlobalProtect app 6.0.4 and later and 6.1 releases running on
macOS Big Sur 11, macOS Monterey, or macOS Ventura
|
End users must enable system and network extensions on macOS endpoints if the
GlobalProtect app is configured with any of the following features:
After the installation or upgrade of the GlobalProtect app on a macOS device,
notification messages appear that prompt users to load the GlobalProtect system
extension and network extensions that were blocked from loading.
To allow the GlobalProtect app to run seamlessly without disruption on macOS endpoints,
you can create GlobalProtect signed configuration profiles and deploy them using Jamf
Pro to load the system and network extensions, and suppress the notification pop-ups
automatically.
The following procedures assume that the macOS endpoints do not have network
extensions enabled manually. If users already enabled network extensions when they
were notified by GlobalProtect pop-ups, deploying configuration profiles using Jamf
Pro to enable network extensions will create duplicate network extension entries on
the macOS endpoints.
Refer to the following sections for information on how to enable system and network
extensions on the GlobalProtect app for macOS endpoints:
