Redesigned GlobalProtect App User Interface for Windows and macOS

Software Support
: Starting with GlobalProtect™ app 6.0
OS Support
: Windows 10 and macOS
The GlobalProtect app 6.0 for Windows and macOS introduces a streamlined user interface and a more intuitive connection process. The redesigned app features improved workflows that enable a better user experience. With this redesign, the GlobalProtect app can now provide friendly, informative messages to help end users understand connectivity or access issues. Additionally, end users can now have a better understanding on monitoring the security state and activity on their endpoint.
The following user experience enhancements are redesigned in GlobalProtect app 6.0:
  • A Status Panel that displays the state of the GlobalProtect connection and allows end users to connect or to disconnect from GlobalProtect.
  • A Settings Panel that allows end users to view, modify, monitor, and troubleshoot their GlobalProtect app settings
  • Seamless Login connection experience from the status panel that allows end users to log in. With the
    On-Demand
    connect method, end users can now select the client certificate from a list of valid certificates to authenticate with the portal or gateway on the Windows endpoint.
  • Resilient Connection that enables GlobalProtect to reconnect automatically after interruptions with network activity.

Welcome Page

If end users are logging in to the endpoint for the first time, the GlobalProtect app now displays a friendly, welcome page upon successful login. End users can click
Get Started
to enter the IP address (or domain) of the GlobalProtect portal or their user credentials, and then click
Connect
to initiate the connection.

Status Panel

GlobalProtect opens the status panel when you launch the app. The status panel displays the state of the GlobalProtect connection and allows end users to connect to or disconnect from GlobalProtect.
If there are notifications that triggered on the GlobalProtect app, the Notifications dialog appears next to the status panel.
End users can now click the star icon ( ) to designate a preferred gateway. Upon the next connection, the app automatically connects to the preferred gateway.
If end users want to remove the preferred gateway designation and instead connect to the best available gateway, they can simply clear the star icon to remove this gateway as a preferred gateway.
By default, end users automatically connect to the
Best Available
gateway that is identified by a check mark from the
Change Gateway
drop-down. If the end user sets the preferred gateway, a star displays by the gateway from the
Change Gateway
drop-down.
If you configured manual external gateways in your portal agent configuration, end users can choose a specific gateway using the gateway search field.
The status panel also contains additional information and options for the redesigned GlobalProtect app.
The hamburger menu on the status panel now includes the following options:
  • Refresh Connection
    —Allows end users to perform network discovery. This option is available only if you
    Enable Rediscover Network Option
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ).
  • Report an Issue
    —Allows end users to report an issue to their administrator. This option is available only if you enable the GlobalProtect app log collection for troubleshooting on the GlobalProtect portal.
  • Settings
    —Opens the settings panel where end users can view, modify, monitor, and troubleshoot their GlobalProtect app settings.
  • Help Center
    —Opens the GlobalProtect Help page, which provides general information about how to use the GlobalProtect app. This option does not display on the
    Settings
    menu if you disable (select
    None
    ) the
    App Help Page
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    GlobalProtect Portal Configuration
    General
    Appearance
    ).
  • Disconnect
    —Disconnects the GlobalProtect app. This option is available only if you configure the
    Connect Method
    as
    User-logon (Always On)
    and
    Allow User to Disable GlobalProtect App
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ).
    If your configuration includes a challenge to end users, the GlobalProtect app now prompts them to respond to one or more reasons such as
    Internet speed slow
    or
    App not working
    (if required). The reasons for disconnecting are displayed only if you configure
    Display the following reasons to disconnect GlobalProtect (Always-on mode)
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ). End users can provide a reason for disconnecting if you configured
    Allow User to Disable GlobalProtect App
    as
    Allow with Comment
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ).
    If you did not configure the GlobalProtect app to display the reasons for disconnecting, end users are prompted to provide a reason for disconnecting from the app.

Settings Panel

The settings panel now allows end users to view and modify the following settings for the GlobalProtect app:
  • Connections
    —The
    Connections
    tab displays the portal(s) associated with the GlobalProtect account. End users can add, edit, or delete portals from this tab. This tab also displays the gateway to which the end user is connected. End users can view connection statistics about the gateway (for example, gateway IP address, location, and VPN session uptime) when you set
    Enable Advanced View
    to
    Yes
    in the GlobalProtect portal agent configuration (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ).
  • Preferences
    —The
    Preferences
    tab is now available only if you configure at least one of the following options:
    • Enable Biometric Sign-in
      —End users can choose to use biometric (fingerprint) information to sign in. This option is available only if you configure the
      Save User Credentials
      to
      Only with User Fingerprint
      in the GlobalProtect agent configuration (
      Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      Authentication
      ). End users must supply a fingerprint that matches a trusted fingerprint template on the endpoint to use a saved password for authentication to GlobalProtect portal and gateways.
    • Do not display a welcome page upon each successful connection
      —End users can choose to display a welcome page upon successful login. This option is available only if you set the
      Welcome Page
      to
      factory-default
      in the GlobalProtect portal agent configuration (
      Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      App
      ).
    • Connect with SSL
      —End users can choose to use SSL or stay with IPSec. This option is available only if you set
      Connect with SSL Only
      to
      User can Change
      in the GlobalProtect portal agent configuration (
      Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      App
      ).
    • Always run diagnostic tests and include logs
      —End users can choose to enable the GlobalProtect app to run diagnostic tests and to include diagnostic logs. This option is available only if you enable the GlobalProtect app log collection for troubleshooting on the GlobalProtect portal.
  • Troubleshooting
    —On macOS endpoints, the
    Troubleshooting
    tab allows end users to
    Collect Logs
    and set the logging level to
    Debug Logs
    or
    Dump Logs
    , view information about the network configuration, route settings, active connections, and logs and, if your administrator has given you the ability to decide whether you want your endpoint to perform Autonomous DEM tests to determine the cause of a user experience issue—you can toggle the
    Enable User Experience Tests
    setting.
    On Windows endpoints, the
    Troubleshooting
    tab allows end users to
    Collect Logs
    and set the logging level to
    Debug Logs
    or
    Dump Logs
    and, if your administrator has given you the ability to decide whether you want your endpoint to perform Autonomous DEM tests to determine the cause of a user experience issue—you can toggle the
    Enable user experience tests
    setting.
    Click
    Advanced
    to access the Advanced Logging Settings window, which displays information about the network configuration, route settings, active connections, and logs.
  • Notifications
    —The
    Notifications
    tab displays the detailed information about specific notifications triggered on the GlobalProtect app.
    End users are also notified if there are no new notifications triggered on the GlobalProtect app.
  • Host Information Profile
    —The
    Host Profile Information
    tab displays the endpoint data that GlobalProtect uses to monitor and enforce security policies using the Host Information Profile. End users can
    Resubmit
    to manually resubmit HIP data to the gateway.
    If you configured multiple internal gateways in non-tunnel mode and internal host detection, end users can click
    More Details
    to monitor the Host Information Profile (HIP) report submission for each gateway from a central location to help you to quickly troubleshoot HIP related issues.
  • About
    —The
    About
    tab displays the version of GlobalProtect currently installed on the endpoint and allows end users to
    Check for Updates
    .

Seamless Login

With the
On-Demand
connect method, end users must launch the GlobalProtect app from the system tray to manually initiate the connection. After the connection initiates, users can continue the login process on the status panel to establish the connection.
Optionally, if end users are logging in to GlobalProtect for the first time on a Windows endpoint, they can now select the client certificate from a list of valid certificates from the
Certificate
drop-down to authenticate with the portal or gateway.
Optionally, if you require end users to accept terms of use to comply with corporate policies and to see a page to review your company’s terms of service before connecting to GlobalProtect, you must set
Have User Accept Terms of Use Before Creating Tunnel
to
Yes
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
If end users do not accept terms of use, they will not be able to connect to GlobalProtect.
Optionally, if end users click
Cancel
, they must enter the IP address (or domain) of the GlobalProtect portal, and then click
Connect
to initiate the connection.
If multiple portals are saved on the app, select a portal from the
Portal
drop-down. By default, the most recently connected portal is pre-selected from the
Portal
drop-down.
Optionally, the endpoint is automatically connected to the
Best Available
gateway (default) based on the configuration that you defined and the response times of the available gateway. To manually connect to a specific gateway, select the gateway from the
Change Gateway
drop-down (external gateways only).
When end users disconnect from GlobalProtect by clicking
Disconnect
, the status panel now displays the amount of time that GlobalProtect attempts to reconnect.
With the
Always On
connect method, the connection initiates automatically, which allows end users to establish a connection without launching the GlobalProtect app. If you configure the GlobalProtect portal to
Save User Credentials
, the connection establishes automatically without requiring any user interaction. If you disable the
Save User Credentials
option, end users can log in and establish a connection by entering their credentials.
When your end users password expires or a RADIUS or AD administrator requires a password change at the next login, they can update their password on the app. A notification appears when their password is about to expire.
If prompted, end users must enter their
Current Password
,
New Password
, and
Confirm Password
. Then, click
Update Password
to reconnect to GlobalProtect with their new password.

Resilient Connection

If you customize resilient VPN by specifying the
Automatic Restoration of VPN Connection Timeout
to
Yes
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), GlobalProtect automatically attempts to attempt to reestablish the connection after the tunnel is disconnected. You can configure the
Wait Time Between VPN Connection Restore Attempts
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
) to adjust the amount of time GlobalProtect waits between attempts to restore the connection
With the
Always On
connect method, if the end user switches from an external network to an internal network before the timeout value expires, GlobalProtect does not perform network discovery. As a result, GlobalProtect restores the connection to the last known external gateway.
To trigger an internal host detection, the end user must select
Refresh Connection
from the hamburger menu on the status panel.

Recommended For You