Redesigned GlobalProtect App User Interface for Windows and macOS
Software Support: Starting with GlobalProtect™
app 6.0
OS Support: Windows 10 and macOS
The GlobalProtect app 6.0 for Windows and macOS
introduces a streamlined user interface and a more intuitive connection
process. The redesigned app features improved workflows that enable
a better user experience. With this redesign, the GlobalProtect
app can now provide friendly, informative messages to help end users understand
connectivity or access issues. Additionally, end users can now have
a better understanding on monitoring the security state and activity
on their endpoint.
The following user experience enhancements are redesigned in
GlobalProtect app 6.0:
A Status Panel that displays
the state of the GlobalProtect connection and allows end users to
connect or to disconnect from GlobalProtect.
A Settings Panel that allows
end users to view, modify, monitor, and troubleshoot their GlobalProtect
app settings
Seamless Login connection experience
from the status panel that allows end users to log in. With the On-Demand connect
method, end users can now select the client certificate from a list
of valid certificates to authenticate with the portal or gateway
on the Windows endpoint.
Resilient Connection that enables
GlobalProtect to reconnect automatically after interruptions with
network activity.
Welcome Page
If end users are logging in to the endpoint for the
first time, the GlobalProtect app now displays a friendly, welcome
page upon successful login. End users can click Get Started to
enter the IP address (or domain) of the GlobalProtect portal or
their user credentials, and then click Connect to
initiate the connection.
Status Panel
GlobalProtect opens the status panel when you launch
the app. The status panel displays the state of the GlobalProtect
connection and allows end users to connect to or disconnect from
GlobalProtect.
If there are notifications that triggered on the GlobalProtect
app, the Notifications dialog appears next to the status panel.
End users can now click the star icon (
) to
designate a preferred gateway. Upon the next connection, the app
automatically connects to the preferred gateway.
If end users want to remove the preferred gateway designation
and instead connect to the best available gateway, they can simply
clear the star icon to remove this gateway as a preferred gateway.
By default, end users automatically connect to the Best
Available gateway that is identified by a check mark
from the Change Gateway drop-down. If the
end user sets the preferred gateway, a star displays by the gateway
from the Change Gateway drop-down.
If you configured manual external gateways in your portal agent
configuration, end users can choose a specific gateway using the
gateway search field.
The status panel also contains additional information and options
for the redesigned GlobalProtect app.
The hamburger menu on the status panel now includes the following options:
Refresh Connection—Allows end
users to perform network discovery. This option is available only
if you Enable Rediscover Network Option in
the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
Settings—Opens the settings panel
where end users can view, modify, monitor, and troubleshoot their
GlobalProtect app settings.
Help Center—Opens the GlobalProtect
Help page, which provides general information about how to use the
GlobalProtect app. This option does not display on the Settings menu
if you disable (select None) the App
Help Page in the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>GlobalProtect Portal ConfigurationGeneralAppearance).
Disconnect—Disconnects the GlobalProtect app.
This option is available only if you configure the Connect Method as User-logon
(Always On) and Allow User to Disable GlobalProtect
App in the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
If your configuration
includes a challenge to end users, the GlobalProtect app now prompts
them to respond to one or more reasons such as Internet
speed slow or App not working (if
required). The reasons for disconnecting are displayed only if you
configure Display the following reasons to disconnect GlobalProtect
(Always-on mode) in the GlobalProtect portal agent configuration
(NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App). End users can provide
a reason for disconnecting if you configured Allow User
to Disable GlobalProtect App as Allow with
Comment in the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
If you
did not configure the GlobalProtect app to display the reasons for disconnecting,
end users are prompted to provide a reason for disconnecting from
the app.
Settings Panel
The settings panel now allows end users to view and
modify the following settings for the GlobalProtect app:
Connections—The Connections tab
displays the portal(s) associated with the GlobalProtect account.
End users can add, edit, or delete portals from this tab. This tab
also displays the gateway to which the end user is connected. End
users can view connection statistics about the gateway (for example,
gateway IP address, location, and VPN session uptime) when you set Enable
Advanced View to Yes in the GlobalProtect
portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
Preferences—The Preferences tab
is now available only if you configure at least one of the following
options:
Enable Biometric Sign-in—End users
can choose to use biometric (fingerprint) information to sign in.
This option is available only if you configure the Save
User Credentials to Only with User Fingerprint in
the GlobalProtect agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>Authentication). End users
must supply a fingerprint that matches a trusted fingerprint template on
the endpoint to use a saved password for authentication to GlobalProtect portal
and gateways.
Do not display a welcome page upon each successful
connection—End users can choose to display a welcome
page upon successful login. This option is available only if you
set the Welcome Page to factory-default in
the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
Connect with SSL—End users can choose to
use SSL or stay with IPSec. This option is available only if you
set Connect with SSL Only to User
can Change in the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
Always run diagnostic tests and include logs—End
users can choose to enable the GlobalProtect app to run diagnostic
tests and to include diagnostic logs. This option is available only
if you enable the GlobalProtect app
log collection for troubleshooting on the GlobalProtect portal.
Troubleshooting—On macOS endpoints,
the Troubleshooting tab allows end users
to Collect Logs and set the logging level
to Debug Logs or Dump Logs,
view information about the network configuration, route settings,
active connections, and logs and, if your administrator has given
you the ability to decide whether you want your endpoint to perform Autonomous DEM tests to determine
the cause of a user experience issue—you can toggle the Enable
User Experience Tests setting.
On Windows
endpoints, the Troubleshooting tab allows
end users to Collect Logs and set the logging
level to Debug Logs or Dump Logs and, if
your administrator has given you the ability to decide whether you
want your endpoint to perform Autonomous DEM tests to
determine the cause of a user experience issue—you can toggle the Enable
user experience tests setting.
Click Advanced to
access the Advanced Logging Settings window, which displays information
about the network configuration, route settings, active connections,
and logs.
Notifications—The Notifications tab
displays the detailed information about specific notifications triggered
on the GlobalProtect app.
End users
are also notified if there are no new notifications triggered on the
GlobalProtect app.
Host Information Profile—The Host
Profile Information tab displays the endpoint data that
GlobalProtect uses to monitor and enforce security policies using
the Host Information Profile.
End users can Resubmit to manually resubmit
HIP data to the gateway.
If you
configured multiple internal gateways in non-tunnel mode and internal
host detection, end users can click More Details to
monitor the Host Information Profile (HIP) report submission for
each gateway from a central location to help you to quickly troubleshoot
HIP related issues.
About—The About tab displays
the version of GlobalProtect currently installed on the endpoint
and allows end users to Check for Updates.
Seamless Login
With the On-Demand connect method,
end users must launch the GlobalProtect app from the system tray
to manually initiate the connection. After the connection initiates,
users can continue the login process on the status panel to establish
the connection.
Optionally, if end users are logging in to GlobalProtect for
the first time on a Windows endpoint, they can now select the client
certificate from a list of valid certificates from the Certificate drop-down
to authenticate with the portal or gateway.
Optionally, if you require end users to accept terms of use to
comply with corporate policies and to see a page to review your
company’s terms of service before connecting to GlobalProtect, you
must set Have User Accept Terms of Use Before Creating
Tunnel to Yes in the GlobalProtect
portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App).
If end users do not accept terms of use, they will not be able
to connect to GlobalProtect.
Optionally, if end users click Cancel,
they must enter the IP address (or domain) of the GlobalProtect
portal, and then click Connect to initiate
the connection.
If multiple portals are saved on the app, select a portal from
the Portal drop-down. By default, the most
recently connected portal is pre-selected from the Portal drop-down.
Optionally, the endpoint is automatically connected to the Best Available gateway
(default) based on the configuration that you defined and the response
times of the available gateway. To manually connect to a specific gateway,
select the gateway from the Change Gateway drop-down
(external gateways only).
When end users disconnect from GlobalProtect by clicking Disconnect,
the status panel now displays the amount of time that GlobalProtect attempts
to reconnect.
With the Always On connect method, the
connection initiates automatically, which allows end users to establish
a connection without launching the GlobalProtect app. If you configure
the GlobalProtect portal to Save User Credentials,
the connection establishes automatically without requiring any user
interaction. If you disable the Save User Credentials option,
end users can log in and establish a connection by entering their
credentials.
When your end users password expires or a RADIUS or AD administrator requires
a password change at the next login, they can update their password
on the app. A notification appears when their password is about
to expire.
If prompted, end users must enter their Current Password, New
Password, and Confirm Password.
Then, click Update Password to reconnect
to GlobalProtect with their new password.
Resilient Connection
If you customize resilient VPN by specifying the Automatic
Restoration of VPN Connection Timeout to Yes in
the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App), GlobalProtect automatically attempts
to attempt to reestablish the connection after the tunnel is disconnected. You
can configure the Wait Time Between VPN Connection Restore Attempts in
the GlobalProtect portal agent configuration (NetworkGlobalProtectPortals<portal-config>Agent<agent-config>App) to adjust the amount of
time GlobalProtect waits between attempts to restore the connection
With the Always On connect method, if
the end user switches from an external network to an internal network
before the timeout value expires, GlobalProtect does not perform
network discovery. As a result, GlobalProtect restores the connection
to the last known external gateway.
To trigger an internal host detection, the end user must select Refresh
Connection from the hamburger menu on the status panel.