Features Introduced in GlobalProtect App 5.2
Learn about the exciting new features introduced in the
GlobalProtect™ App 5.2 release.
The following table describes the new features introduced
in GlobalProtect app 5.2. For additional information on how to use
the new features in this release, refer to the GlobalProtect App 5.2 New Features
Guide.
New GlobalProtect Feature | Description |
---|---|
GlobalProtect App Log Collection for Trobuleshooting | ( GlobalProtect app 5.2.5 and later releases )
To help you to quickly resolve mobile user connection, performance,
and access issues for Prisma Access deployments, you can now configure
the GlobalProtect app to send troubleshooting and diagnostic logs
from the end user's endpoint to Cortex Data Lake for further analysis.
When end users report an issue from the GlobalProtect app (upon
users request), the app can generate and send an easy to read, comprehensive
report to help you to quickly identify the root cause of the remote
end user issue. Additionally, you can now configure the GlobalProtect
app to run end-to-end diagnostic tests to probe the state and performance
of the network connection and the performance of specific web applications
from the remote end user’s endpoint.Available with Content
Release Version 8350-14191 or later. |
Improved Connectivity Error Messages for
the GlobalProtect App | ( GlobalProtect app 5.2.5 and later releases )
To enable a better user experience, the GlobalProtect app is now
updated to display improved connectivity error messages. With this
change, the GlobalProtect app can now provide friendly, informative
connectivity error messages to help end users resolve issues on their
endpoint themselves to reduce support calls to their Help Desk professional. |
GlobalProtect for ARM-Based macBooks Using
Rosetta Translation | ( GlobalProtect app 5.2.5 and later releases )
GlobalProtect now extends enterprise security protection to enable enforcement
of the same next-generation firewall-based policies that are enforced
within the physical perimeter to ARM devices running macOS using
Rosetta translation. You can download the GlobalProtect app directly
from the Apple App Store. |
Configurable Maximum Transmission Unit for
GlobalProtect Connections | ( GlobalProtect app 5.2.4 and later releases )
To optimize the connection experience for end users connecting over networks
that require maximum transmission unit (MTU) values lower than the
standard of 1500 bytes, you can now specify the MTU value that is
used by the GlobalProtect app to connect to the gateway. By reducing
the MTU size, you can eliminate performance and connectivity issues
that occur due to fragmentation when the VPN tunnel connections
go through multiple Internet Service Providers (ISPs) and network paths
with MTU lower than 1500 bytes. Available with Content Release
Version 8346-6423 or later. |
Enforce GlobalProtect Connections with FQDN
Exclusions (Windows 10 and macOS running macOS Catalina 10.15.4 or
later) | To improve user experience when the Enforce
GlobalProtect for Network Access feature is enabled, you can now
specify the fully qualified domain names for which you allow access
when you enforce GlobalProtect connections for network access. For
example, the endpoint can communicate with a cloud-hosted identity provider
(ldP) for authentication purposes or a remote device management
server even when the Enforce GlobalProtect for Network Access feature
is enabled. Available with Content Release Version 8284-6139
or later. |
Split DNS (Windows 10 and macOS running
macOS Catalina 10.15.4 or later) | To enable users to access applications or local
resources, you can now specify exclusions or inclusions and send
DNS queries to a local DNS server using the physical adapter on
the endpoint. With split DNS, you can configure which domains are
resolved by the VPN assigned DNS servers and which domains are resolved
by the local DNS servers. Available with Content Release Version 8284-6139
or later. |
Default System Browser for SAML Authentication
(Windows 10, macOS, Linux, iOS, and Android) | If you have set up the GlobalProtect portal to
authenticate users through Security Assertion Markup Language (SAML)
authentication, end users can now connect without having to re-enter their
credentials in the GlobalProtect app, for a seamless single sign-on
(SSO) experience. End users can now leverage the same login for GlobalProtect
and their default system browser such as Chrome, Firefox, or Safari.
This enables end users to connect to GlobalProtect and to allow
single-sign on to SAML-enabled applications on first-use only. After
end users successfully authenticate, their saved user credentials
will be remembered by the default system browser. Additionally,
on any browser that supports the Web Authentication (WebAuthn) API,
you can use Universal 2nd Factor (U2F) security tokens such as YubiKeys
for multi-factor authentication (MFA) to authenticate to identity
providers (ldPs) such as Onelogin or Okta. Available with
Content Release Version 8284-6139 or later. |
Connect Before Logon (Windows 10) | To simplify the login process and improve your
experience, end users can now establish the VPN connection to the
corporate network before logging in to Windows endpoint using a
Smart card, authentication service such as LDAP, RADIUS, or Security
Assertion Markup Language (SAML), username/password-based authentication,
or one-time password (OTP) authentication. Connect Before Logon
is particularly useful for onboarding new users on the endpoint
that is not set up with a local profile or account for the user.
Users can log in to the Windows endpoint for the first-time without
a local administrator profile. And because Connect Before Logon
enables the user to log in to the VPN before logging into the Windows
endpoint, it reduces the frustration for users who get locked out
of their account when they fail to reset the password in time, for
example. |
Recommended For You
Recommended Videos
Recommended videos not found.