Enable System and Network Extensions on macOS Endpoints Using Multiple Configuration
Profiles
Enable system and network extensions for features such as split tunneling, enforcing
GlobalProtect connections for network access without requiring kernel extensions, or split
DNS.
| Where Can I Use This? | What Do I Need? |
|---|
|
|
Prisma Access Mobile Users license (for use with Prisma
Access) GlobalProtect Gateway license (for use with PAN-OS) GlobalProtect app for macOS 6.0.4 and later and 6.1 and later
releases Endpoints running macOS 11 (Big Sur), macOS 12 (Monterey), or
macOS 13 (Ventura)
|
End users must enable system and network extensions on macOS endpoints if the
GlobalProtect app is configured with any of the following features:
After the installation or upgrade of the GlobalProtect app on a macOS device,
notification messages appear that prompt users to load the GlobalProtect system
extension and network extensions that were blocked from loading.
To allow the GlobalProtect app to run seamlessly without disruption on macOS endpoints,
you can create GlobalProtect signed configuration profiles and deploy them using Jamf
Pro to load the system and network extensions, and suppress the notification pop-ups
automatically.
The following procedures assume that the macOS endpoints do not have network
extensions enabled manually. If users already enabled network extensions when they
were notified by GlobalProtect pop-ups, deploying configuration profiles using Jamf
Pro to enable network extensions will create duplicate network extension entries on
the macOS endpoints.
Refer to the following sections for information on how to enable system and network
extensions on the GlobalProtect app for macOS endpoints:
