>
    Add a Configuration Profile for the GlobalProtect Enforcer by Using Jamf Pro 10.26.0
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Mobile Device Management
    4. Manage the GlobalProtect App Using Jamf Pro
    5. Manage the GlobalProtect App for macOS Using Jamf Pro
    6. Enable System and Network Extensions on macOS Endpoints Using Multiple Configuration Profiles
    7. Add a Configuration Profile for the GlobalProtect Enforcer by Using Jamf Pro 10.26.0
    Download PDF
    GlobalProtect

    Add a Configuration Profile for the GlobalProtect Enforcer by Using Jamf Pro 10.26.0

    Table of Contents

    Add a Configuration Profile for the GlobalProtect Enforcer by Using Jamf Pro 10.26.0

    Use Jamf Pro 10.26.0 to allow network content filtering (GlobalProtect enforcer) without notifying end users.
    Where Can I Use This?What Do I Need?
    • Prisma Access
    • PAN-OS
    • GlobalProtect Subscription
    • Prisma Access Mobile Users license (for use with Prisma Access)
    • GlobalProtect Gateway license (for use with PAN-OS)
    • GlobalProtect app for macOS 6.0.4 and later and 6.1 and later releases
    • Endpoints running macOS 11 (Big Sur), macOS 12 (Monterey), or macOS 13 (Ventura)
    If you are using Jamf Pro 10.26.0, and you configured the GlobalProtect app 6.0.4 and later or 6.1 releases with the enforce GlobalProtect connections for network access feature (enforcer), you must add a configuration profile to filter network content and deploy it to your macOS endpoints.
    Upon installation or upgrade of the GlobalProtect app, the following notification message appears:
    To allow this network extension and suppress the pop-up automatically, you must add a configuration profile to filter network content using Jamf Pro 10.26.0.
    For deploying GlobalProtect apps to macOS Big Sur 11 endpoints, you can also use the following instructions on any version of Jamf Pro to allow network extensions and suppress notification messages automatically.
    1. In Jamf Pro, select ComputersConfiguration ProfilesNew.
    2. Select Content Filter in the Options tab and configure the following values on the page:
      • FilterName = GlobalProtectEn
      • Identifier = com.paloaltonetworks.GlobalProtect.client
      • Socket Filter Bundle Identifier = com.paloaltonetworks.GlobalProtect.client.extension
      • Socket Filter Designated Requirement = anchor apple generic and identifier "com.paloaltonetworks.GlobalProtect.client.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77)
      • Network Filter Bundle Identifier = com.paloaltonetworks.GlobalProtect.client.extension
      • Network Filter Designated Requirement = anchor apple generic and identifier "com.paloaltonetworks.GlobalProtect.client.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77)
    3. Save the configuration profile.

    © 2024 Palo Alto Networks, Inc. All rights reserved.