Focus

GlobalProtect

macOS System Extensions Support

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1
User Guide
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.2
- 5.1
Release Notes
Version
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1

GUI for GlobalProtect App for Linux

Proxy Handling for macOS Endpoints

macOS System Extensions Support

Software Support
: Starting with GlobalProtect™ app 5.1.4

OS Support
: macOS

The GlobalProtect App can now use system extensions on macOS Catalina 10.15.4 or macOS Big Sur 11 endpoints for enabling capabilities such as split tunnel on the GlobalProtect gateway based on the destination domain name and application process name and to enforce GlobalProtect connections for network access (see GlobalProtect App Customization) without requiring kernel extensions. When users install the GlobalProtect app for the first time on a macOS device running macOS Catalina 10.15.4, macOS Big Sur 11, or later or upgrade to GlobalProtect app 5.1.4, they must now enable the system extensions. If you have configured split tunnel on the gateway or enforced GlobalProtect connections for network access on the portal, the

System Extension Blocked

notification message displays on the app during the installation, prompting users to enable and allow the system extensions in macOS that are blocked from loading to use these GlobalProtect features.

(Optional) Allow GlobalProtect app users to automatically load the system extensions without receiving the

System Extension Blocked

notification.

Enable the

GlobalProtect System Extensions

to allow the system extensions in macOS to load.

Complete the GlobalProtect app setup using the GlobalProtect installer.

When prompted, select the

GlobalProtect System Extensions

check box on the

Installation Type

screen if the administrator has configured the split tunnel on the gateway or enforced GlobalProtect connections.

Select

Open Security Preferences

to enable the system extensions in macOS that was blocked from loading from the

System Extension Blocked

notification.

Enable the network extensions configuration in macOS to use split tunnel and Enforce GlobalProtect for Network Access.

Connect to the GlobalProtect portal or gateway.

(macOS Catalina 10.15.4 or later only) If you have configured split tunnel on the gateway, select

Allow

in the following pop-up prompt:

(macOS Catalina 10.15.4 or later only) If you have enabled the Enforce GlobalProtect Connections for Network Access feature, select

Allow

in the following pop-up prompt:

(macOS Big Sur 11 or later only) If you have configured split tunnel based on domains and applications on the GlobalProtect gateway and enabled the Enforce GlobalProtect Connections for Network Access feature, select

Allow

in the following pop-up prompt:

If you have suppressed the network extensions configuration notifications by using the mobile device management system (MDM) such as Jamf Pro, you can automatically load the network extensions without receiving these notifications. Refer to the knowledge base article at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAW8 for information on how to enable system and network extensions using Jamf Pro.

GUI for GlobalProtect App for Linux

Proxy Handling for macOS Endpoints

GlobalProtect Docs

macOS System Extensions Support

GlobalProtect Docs

macOS System Extensions Support

Recommended For You

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner