Enable System Extensions in the GlobalProtect App for macOS Endpoints
Starting with macOS 10.15.4, Apple has limited
the support of kernel extensions. The GlobalProtect app will use
system extensions instead of kernel extensions. Users must approve
system extensions before they can use them.
In addition
to enabling system extensions, you can enable network extensions
in the GlobalProtect app to suppress the
Network Extensions
Configuration
pop-up prompts that are used for the Split Tunnel
and Enforce GlobalProtect Connections for Network Access features.
You can use the mobile device management system (MDM) such as Jamf
Pro to automatically load the network extensions without receiving
the pop-up prompts. Refer to the knowledge base article at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAW8 for
information on how to enable system and network extensions
using Jamf Pro.Use the following steps to configure
a profile to automatically approve the system extension using AirWatch.
While this configuration has been tested with AirWatch, you can
use any Qualified MDM vendor to
create and implement this profile.
When you are using
system extensions and need to switch to kernel extensions,
see Deploy App Settings in the macOS Plist for details.
- Create a system extension profile.
- Log in to AirWatch as an administrator.
- Select , and then select from the drop-down.
- In theAdd Profilearea, clickApple macOS, and then click theDevice Profileicon.
- In theGeneralarea, specify the name for the profile.You can also select an existing system extension profile () in the list.
- Add a system extension.
- SelectSystem Extensions.
- Enter theTeam Identifierused by the GlobalProtect app (PXPZ95SK77).
- Enter theBundle Identifier(com.paloaltonetworks.GlobalProtect.client.extension)
- ClickSave and Publishto save your changes.
