Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

Starting with macOS 10.13, Apple introduced a software change that requires users to approve kernel extensions before they can use them.
While users can manually enable the kernel extension on macOS (
System Preferences
Security & Privacy
and selecting
Allow
for the kernel extension), you can use any Qualified MDM vendor to create a policy and automatically approve the kernel extension. Apple Technical Note TN2450 describes the process.
The following workflow has been tested using Airwatch.
  1. Create a kernel extension policy.
    1. Log in to AirWatch as an administrator.
    2. Select
      Devices
      Profiles & Resources
      Profiles
      , and then select
      Add
      Add Profile
      from the drop-down.
    3. In the
      Add Profile
      area, click
      Apple macOS
      , and then click the
      Device Profile
      icon.
    4. In the
      General
      area, specify the name for the profile.
      You can also select an existing kernel extension profile (
      Devices
      Profiles & Resources
      Profiles
      ) in the list.
  2. Add a kernel extension and distribute the relevant policy to macOS devices.
    1. Select
      Kernel Extension Policy
      .
    2. Enter the
      Team Identifier
      used by the GlobalProtect app (
      PXPZ95SK77
      ).
    3. Enter the
      Bundle ID
      (
      com.paloaltonetworks.kext.pangpd
      ).
    4. Click
      Save and Publish
      to save your changes.

Recommended For You