GlobalProtect
Download and Install the GlobalProtect App for macOS
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
- 10.1 & Later
- 9.1
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
-
- 6.1
- 6.0
- 5.2
- 5.1
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.3
- 5.2
- 5.1
Download and Install the GlobalProtect App for macOS
Before connecting to the GlobalProtect network,
you must download and install the GlobalProtect app on your macOS endpoint.
To ensure that you get the right app for your organization’s GlobalProtect
or Prisma Access deployment, you must download the app directly
from a GlobalProtect portal within your organization. For this reason,
there is no direct GP app download link available on the Palo Alto Networks
site.
To download and install the GlobalProtect app, you
must obtain the IP address or FQDN of the GlobalProtect portal from
your administrator. In addition, your administrator should verify
which username and password you can use to connect to the portal
and gateways. This is typically the same username and password that
you use to connect to your corporate network.
When you install
the GlobalProtect app for the first time on a macOS device running
macOS Catalina 10.15.4, macOS Big Sur 11, or later or upgrade to
GlobalProtect app 5.1.4, you must enable the system extensions that
are used for specific GlobalProtect features. If your administrator
has configured split tunnel on the GlobalProtect gateway based
on the destination domain name and application process name or enforced
GlobalProtect connections for network access on the GlobalProtect
portal (see GlobalProtect App Customization), the
System
Extension Blocked
notification message displays on the GlobalProtect
app during the installation. The message prompts users to enable
and allow the system extensions in macOS that are blocked from loading
to use the split tunnel and Enforce GlobalProtect for Network Access
features.Follow these guidelines when you use system
extensions:
- Only users with administrator privileges can enable the system extensions on the GlobalProtect app for macOS endpoints.
- Due to the security enhancement on macOS Catalina 10.15 and macOS Big Sur 11 to ensure that your data is protected while using third-party applications, GlobalProtect must request your permission before attempting access to files and folders stored in your Documents, Desktop, and Downloads folders and network drives. If your administrator has enabled HIP checks, new permission pop-ups appear on your macOS endpoint when GlobalProtect requests access to certain files and folder stored in your file system.
- The GlobalProtect app 5.1.4 running on macOS Catalina 10.15.4, macOS Big Sur 11, or later does not use kernel extensions and will use system extensions.
- The GlobalProtect app 5.1.4 running on macOS Catalina 10.15.4, macOS Big Sur 11, or later will not use the kernel extensions (com.paloaltonetworks.kext.pangpd) and instead will use any of the available utun interfaces provided by macOS as the virtual adapter.
- If you are upgrading from an earlier release to the GlobalProtect app 5.1.4 running on macOS Catalina 10.15.4, macOS Big Sur 11, or later, kernel extensions are no longer needed. After the upgrade, theSystem Extension Blockednotification message displays on the GlobalProtect app, prompting users to enable and allow the system extensions in macOS that was blocked from loading. By default, the app will not install system extensions and the same default settings are applied.
After you gather the required
information, use the following steps to download and install the
app:
- Log in to the GlobalProtect portal.
- Launch a web browser and go to the following URL:https://<portal IP address or FQDN>Example:http://gp.acme.com
- On the portal login page, enter yourName(username) andPasswordand then clickLOG IN. In most instances, you can use the same username and password that you use to connect to your corporate network.
- Navigate to the app download page.In most instances, the app download pages appears immediately after you log in to the portal. Use this page to download the latest app software package.If your system administrator has enabled GlobalProtect Clientless VPN access, the applications page opens after you log in to the portal (instead of the app download page). SelectGlobalProtect Agentto open the download page.
- Download the app.
- ClickDownload Mac 32/64 bit GlobalProtect agent.
- When prompted,Runthe software.
- When prompted again,Runthe GlobalProtect Installer.
- Complete the GlobalProtect app setup using the GlobalProtect Installer.
- From the GlobalProtect Installer, clickContinue.
- On theDestination Selectscreen, select the installation folder for the GlobalProtect app, and then clickContinue.
- On theInstallation Typescreen, select theGlobalProtectinstallation package check box.If your system administrator has configured the split tunnel on the gateway or enforced GlobalProtect connections for network access on the portal, select theGlobalProtect System Extensionscheck box (disabled by default).ClickContinue.
- ClickInstallto confirm that you want to install GlobalProtect.
- When prompted, enter yourUser NameandPassword, and then clickInstall Softwareto begin the installation.
- After installation is complete,Closethe installer.
- If your administrator has configured the portal to install the Autonomous DEM (ADEM) endpoint agent during the GlobalProtect app installation for the first time, selectOKin the following pop-up pop-up prompt so that it will not appear again:
- If you enabled theGlobalProtect System Extensions, selectOpen Security Preferencesto enable the system extensions in macOS that was blocked from loading from the followingSystem Extension Blockednotification:If your administrator has suppressed this notification by using the supported mobile device management system (MDM) such as Workspace ONE, you can automatically load the system extensionswithout receiving this notification.
- On theSecurity & Privacydialog, click thepadlockicon to make changes, and then selectApp Store and identified developersin theAllow apps downloaded fromarea. ClickAllow.