Always On Security for Chromebooks

Chromebooks now support Always On VPN through extended support for the GlobalProtect app for Android.
Software Support
: Starting with GlobalProtect™ App 5.0
OS Support
: Google Chrome OS 45 and later releases
Chromebooks now support Always On VPN through extended support for the GlobalProtect app for Android. With this feature, you can enable your end users to run the GlobalProtect app for Android on their Chromebooks to ensure that they are always connected to GlobalProtect and have access to always on security regardless of where they are located. End users can install the app manually from the Google Play Store or you can push the app to managed Chromebooks using a mobile device management (MDM) system.
The GlobalProtect app for Android is supported only on certain Chromebooks.
Chromebooks that do not support Android applications must continue to use the GlobalProtect app for Chrome. However, these Chromebooks will not support Always On VPN.
If the GlobalProtect app for Android is installed on a Chromebook for Always On VPN capability, the GlobalProtect app for Chrome should not be installed on the same Chromebook.
When you configure GlobalProtect with an Always On VPN configuration, the GlobalProtect app automatically connects each time a user unlocks his or her endpoint. This enables you to monitor all user traffic continuously (including SaaS and internet traffic) and achieve consistent policy enforcement to prevent security threats. For example, an increasing number of schools are now supplying students with Chromebooks for online exams, homework assignments, and classroom communication. However, they must ensure that their students do not access harmful or inappropriate content from these Chromebooks. Though schools can enforce security policies and monitor user traffic while students are on campus (using URL filtering and threat prevention policies), they must also be able to provide the same level of security when their students are off campus. With this feature, they can deploy the GlobalProtect app for Android on these Chromebooks to ensure that their students are always connected to GlobalProtect for secure network access.
The following GlobalProtect features are supported when you use the GlobalProtect app for Android on Chromebooks. A - indicates that the feature is not supported.
Feature Support
App login enhancements
Multi-factor authentication policy
SAML authentication
Expired Active Directory password change for remote users
Active Directory password change using the GlobalProtect Credential Provider
Single Sign-On (SSO)
SSO (Credential Provider)
Kerberos SSO
VPN Connections
Clientless VPN
— (no client required)
Connect Methods
User-logon (always on)
Pre-logon (always-on)
Pre-logon (then on-demand)
Connection Priority
External gateway priority by source region
Internal gateway selection by source IP address
Internal mode
External mode
IPv4 addressing
IPv6 addressing
Split tunnel based on access route
Split tunnel based on destination domain, client process, and video streaming application
GlobalProtect Credential Provider pre-logon connection status
Multiple portal support
Resilient VPN
Pre-logon tunnel rename timeout
Restrict transparent app upgrades to internal network connections
Enforce GlobalProtect for network access
Deployment of SSL Forward Proxy CA certificates in the trust store
HIP reports
Run scripts before and after sessions
Allow users to disable GlobalProtect
Welcome and help pages
Automatic VPN Reconnect for Chromebooks
Refer to the following sections for more information on installing and managing the GlobalProtect app for Android on Chromebooks:

Recommended For You