Features Introduced in GlobalProtect App 5.2

Learn about the exciting new features introduced in the GlobalProtect™ App 5.2 release.
The following table describes the new features introduced in GlobalProtect app 5.2. For additional information on how to use the new features in this release, refer to the GlobalProtect App 5.2 New Features Guide.
New GlobalProtect Feature
Description
Enforce GlobalProtect Connections with FQDN Exclusions (Windows 10 and macOS running macOS Catalina 10.15.4 or later)
To improve user experience when the Enforce GlobalProtect for Network Access feature is enabled, you can now specify the fully qualified domain names for which you allow access when you enforce GlobalProtect connections for network access. For example, the endpoint can communicate with a cloud-hosted identity provider (IdP) for authentication purposes or a remote device management server even when the Enforce GlobalProtect for Network Access feature is enabled.
Available with Content Release Version 8284-6139 or later.
Split DNS (Windows 10 and macOS running macOS Catalina 10.15.4 or later)
To enable users to access applications or local resources, you can now specify exclusions or inclusions and send DNS queries to a local DNS server using the physical adapter on the endpoint. With split DNS, you can configure which domains are resolved by the VPN-assigned DNS servers and which domains are resolved by the local DNS servers.
Available with Content Release Version 8284-6139 or later.
Default System Browser for SAML Authentication (Windows 10, macOS, Linux, iOS, and Android)
If you have set up the GlobalProtect portal to authenticate users through Security Assertion Markup Language (SAML) authentication, end users can now connect without having to re-enter their credentials in the GlobalProtect app, for a seamless single sign-on (SSO) experience. End users can now leverage the same login for GlobalProtect and their default system browser such as Chrome, Firefox, or Safari. This enables end users to connect to GlobalProtect and allows single sign-on to SAML-enabled applications on first use only. After end users successfully authenticate, their saved user credentials will be remembered by the default system browser.
Additionally, on any browser that supports the Web Authentication (WebAuthn) API, you can use Universal 2nd Factor (U2F) security tokens such as YubiKeys for multi-factor authentication (MFA) to authenticate to identity providers (IdPs) such as OneLogin or Okta.
Available with Content Release Version 8284-6139 or later.
Connect Before Logon (Windows 10)
To simplify the login process and improve the user experience, end users can now establish the VPN connection to the corporate network before logging in to the Windows endpoint using a smart card, an authentication service such as LDAP, RADIUS, or Security Assertion Markup Language (SAML), username/password-based authentication, or one-time password (OTP) authentication. Connect Before Logon is particularly useful for onboarding new users on an endpoint that is not set up with a local profile or account for the user. Users can log in to the Windows endpoint for the first time without a local administrator profile. And because Connect Before Logon enables the user to log in to the VPN before logging in to the Windows endpoint, it reduces the frustration for users who get locked out of their account when they fail to reset the password in time, for example.
