Enable System Extensions in the GlobalProtect App for macOS Endpoints

Starting with macOS 10.15.4, Apple has limited the support of kernel extensions. The GlobalProtect app will use system extensions instead of kernel extensions. Users must approve system extensions before they can use them.
In addition to enabling system extensions, you can enable network extensions in the GlobalProtect app to suppress the
Network Extensions Configuration
pop-up prompts that are used for the Split Tunnel and Enforce GlobalProtect Connections for Network Access features. You can use the mobile device management system (MDM) such as Jamf Pro to automatically load the network extensions without receiving the pop-up prompts. Refer to the knowledge base article at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAW8 for information on how to enable system and network extensions using Jamf Pro.
Use the following steps to configure a profile to automatically approve the system extension using AirWatch. While this configuration has been tested with AirWatch, you can use any Qualified MDM vendor to create and implement this profile.
When you are using system extensions and need to switch to kernel extensions, see Deploy App Settings in the macOS Plist for details.
  1. Create a system extension profile.
    1. Log in to AirWatch as an administrator.
    2. Select
      Profiles & Resources
      , and then select
      Add Profile
      from the drop-down.
    3. In the
      Add Profile
      area, click
      Apple macOS
      , and then click the
      Device Profile
    4. In the
      area, specify the name for the profile.
      You can also select an existing system extension profile (
      Profiles & Resources
      ) in the list.
  2. Add a system extension.
    1. Select
      System Extensions
    2. Enter the
      Team Identifier
      used by the GlobalProtect app (
    3. Enter the
      Bundle Identifier
    4. Click
      Save and Publish
      to save your changes.

Recommended For You