Focus

GlobalProtect Features

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Decryption Features

Management Features

GlobalProtect Features

Learn about the exciting new GlobalProtect™ features introduced in the PAN-OS® 10.0 release.

The following table describes new GlobalProtect features introduced in PAN-OS 10.0. For features related to the GlobalProtect app, see the GlobalProtect App 5.1 Release Notes and GlobalProtect Features.

New GlobalProtect Feature	Description
Identification and Quarantine of Compromised Devices	GlobalProtect now makes it easier for you to block compromised devices from your network by allowing you to track compromised devices using unique attributes, such as the hardware serial number of the device and unique host information. This ability can be preferable to blocking a compromised endpoint from a network based on its IP address, because if a device’s IP address changed (for example, if a user moved their endpoint from a work location to their home), security policies based on IP addresses could allow the endpoint back on the network. After GlobalProtect identifies a device as compromised (for example, if GlobalProtect detects that a device has been infected with malware and is performing command and control actions), it can add the device to a quarantine list and permanently block it from accessing the network. You can set security policies to quarantine the device or manually add it to a quarantine list.
Enhanced Logging for the Selected GlobalProtect Gateway	To help you to determine the reason for choosing the specific gateway to which to connect, the GlobalProtect app now collects and reports information to identify gateway selection criteria and latency between the gateway and the endpoint. After you enable the Log Gateway Selection Criteria option that is available as an app setting in the App Configuration area, the GlobalProtect app sends the logs about the gateway selection criteria to the firewall. With the additional GlobalProtect log fields, you can easily identify the priority and response time of the selected gateway, the list of gateway connection attempts, and statistics about the pre-tunnel and post-tunnel network latency.

New GlobalProtect Feature

Description

Identification and Quarantine of Compromised Devices

GlobalProtect now makes it easier for you to block compromised devices from your network by allowing you to track compromised devices using unique attributes, such as the hardware serial number of the device and unique host information. This ability can be preferable to blocking a compromised endpoint from a network based on its IP address, because if a device’s IP address changed (for example, if a user moved their endpoint from a work location to their home), security policies based on IP addresses could allow the endpoint back on the network.

After GlobalProtect identifies a device as compromised (for example, if GlobalProtect detects that a device has been infected with malware and is performing command and control actions), it can add the device to a quarantine list and permanently block it from accessing the network. You can set security policies to quarantine the device or manually add it to a quarantine list.

Enhanced Logging for the Selected GlobalProtect Gateway

To help you to determine the reason for choosing the specific gateway to which to connect, the GlobalProtect app now collects and reports information to identify gateway selection criteria and latency between the gateway and the endpoint. After you enable the

Log Gateway Selection Criteria

option that is available as an app setting in the

App Configuration

area, the GlobalProtect app sends the logs about the gateway selection criteria to the firewall. With the additional GlobalProtect log fields, you can easily identify the priority and response time of the selected gateway, the list of gateway connection attempts, and statistics about the pre-tunnel and post-tunnel network latency.

Decryption Features

Management Features

Next-Generation Firewall Docs

GlobalProtect Features

Next-Generation Firewall Docs

GlobalProtect Features

Recommended For You

Activation and Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner