>
    Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Mobile Device Management
    4. Manage the GlobalProtect App Using Jamf Pro
    5. Manage the GlobalProtect App for macOS Using Jamf Pro
    6. Enable System and Network Extensions on macOS Endpoints Using Multiple Configuration Profiles
    7. Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro
    Download PDF
    GlobalProtect

    Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro

    Table of Contents

    Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro

    Use Jamf Pro to load GlobalProtect system extensions on macOS endpoints automatically without notifying end users.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access
    • PAN-OS
    • GlobalProtect Subscription
    • Prisma Access Mobile Users license (for use with Prisma Access)
    • GlobalProtect Gateway license (for use with PAN-OS)
    • GlobalProtect app for macOS 6.0.4 and later and 6.1 and later releases
    • Endpoints running macOS 11 (Big Sur), macOS 12 (Monterey), or macOS 13 (Ventura)
    On the GlobalProtect app 6.0.4 and later and 6.1 releases running on macOS Big Sur 11, you can use Jamf Pro to configure a GlobalProtect signed configuration profile to automatically load system extensions that are required for the split tunnel, enforce GlobalProtect connections for network access, and split DNS features.
    For GlobalProtect app 6.0.3 and earlier users, you can Suppress Notifications on the GlobalProtect App for macOS Endpoints using a supported third-party mobile device management system (MDM) such as Workspace ONE.
    To enable the GlobalProtect system extension on macOS endpoints using Jamf Pro:
    1. In Jamf Pro, select
      Computers
      Configuration Profiles
      New
      .
    2. Create a configuration profile to enable GlobalProtect system extensions.
      1. Enter a
        Display Name
         for the configuration profile.
      2. Select
        System Extensions
        Configure
        .
      3. (Optional) Enter a
        Display Name
        .
      4. In
        System Extension Types
        , select
        Allowed System Extensions
        .
      5. Enter the
        Team Identifier
         for the GlobalProtect app (
        PXPZ95SK77
        ).
      6. In the
        ALLOWED SYSTEM EXTENSIONS
         section,
        Add
         the Bundle Identifier for GlobalProtect system extensions (
        com.paloaltonetworks.GlobalProtect.client.extension
        ) and
        Save
         the allowed system extension.
      7. Save
         the configuration profile.
    3. Deploy the GlobalProtect app package and enable system extensions immediately after installation of the GlobalProtect app.
      1. Create an settings file called
        install_system_extensions.xml
         with the following content:
        <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
           <dict>
                  <key>attributeSetting</key>
                  <integer>1</integer>
                  <key>choiceAttribute</key>
                  <string>selected</string>
                  <key>choiceIdentifier</key>
                  <string>third</string>
           </dict>
           <dict>
                  <key>attributeSetting</key>
                  <integer>1</integer>
                  <key>choiceAttribute</key>
                  <string>selected</string>
                  <key>choiceIdentifier</key>
                  <string>com.paloaltonetworks.globalprotect.systemext.pkg</string>
            </dict>
</array>
</plist>
      2. Deploy the GlobalProtect app package by running the following command:
        sudo installer -pkg GlobalProtect.pkg -applyChoiceChangesXML install_system_extensions.xml -target /

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.