Redesigned GlobalProtect App User Interface for Windows and macOS
Software Support
: Starting with GlobalProtect™
app 6.0
OS Support
: Windows 10 and macOS
The GlobalProtect app 6.0 for Windows and macOS
introduces a streamlined user interface and a more intuitive connection
process. The redesigned app features improved workflows that enable
a better user experience. With this redesign, the GlobalProtect
app can now provide friendly, informative messages to help end users understand
connectivity or access issues. Additionally, end users can now have
a better understanding on monitoring the security state and activity
on their endpoint.
The following user experience enhancements are redesigned in
GlobalProtect app 6.0:
A Status Panel that displays
the state of the GlobalProtect connection and allows end users to
connect or to disconnect from GlobalProtect.
A Settings Panel that allows
end users to view, modify, monitor, and troubleshoot their GlobalProtect
app settings
Seamless Login connection experience
from the status panel that allows end users to log in. With the
On-Demand
connect
method, end users can now select the client certificate from a list
of valid certificates to authenticate with the portal or gateway
on the Windows endpoint.
Resilient Connection that enables
GlobalProtect to reconnect automatically after interruptions with
network activity.
Welcome Page
If end users are logging in to the endpoint for the
first time, the GlobalProtect app now displays a friendly, welcome
page upon successful login. End users can click
Get Started
to
enter the IP address (or domain) of the GlobalProtect portal or
their user credentials, and then click
Connect
to
initiate the connection.
Status Panel
GlobalProtect opens the status panel when you launch
the app. The status panel displays the state of the GlobalProtect
connection and allows end users to connect to or disconnect from
GlobalProtect.
If there are notifications that triggered on the GlobalProtect
app, the Notifications dialog appears next to the status panel.
End users can now click the star icon (
) to
designate a preferred gateway. Upon the next connection, the app
automatically connects to the preferred gateway.
If end users want to remove the preferred gateway designation
and instead connect to the best available gateway, they can simply
clear the star icon to remove this gateway as a preferred gateway.
By default, end users automatically connect to the
Best
Available
gateway that is identified by a check mark
from the
Change Gateway
drop-down. If the
end user sets the preferred gateway, a star displays by the gateway
from the
Change Gateway
drop-down.
If you configured manual external gateways in your portal agent
configuration, end users can choose a specific gateway using the
gateway search field.
The status panel also contains additional information and options
for the redesigned GlobalProtect app.
The hamburger menu on the status panel now includes the following options:
Refresh Connection
—Allows end
users to perform network discovery. This option is available only
if you
—Opens the settings panel
where end users can view, modify, monitor, and troubleshoot their
GlobalProtect app settings.
Help Center
—Opens the GlobalProtect
Help page, which provides general information about how to use the
GlobalProtect app. This option does not display on the
Settings
menu
if you disable (select
None
) the
App
Help Page
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
GlobalProtect Portal Configuration
General
Appearance
).
Disconnect
—Disconnects the GlobalProtect app.
This option is available only if you configure the
Connect Method
as
User-logon
(Always On)
and
Allow User to Disable GlobalProtect
App
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
If your configuration
includes a challenge to end users, the GlobalProtect app now prompts
them to respond to one or more reasons such as
Internet
speed slow
or
App not working
(if
required). The reasons for disconnecting are displayed only if you
configure
Display the following reasons to disconnect GlobalProtect
(Always-on mode)
in the GlobalProtect portal agent configuration
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
). End users can provide
a reason for disconnecting if you configured
Allow User
to Disable GlobalProtect App
as
Allow with
Comment
in the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
If you
did not configure the GlobalProtect app to display the reasons for disconnecting,
end users are prompted to provide a reason for disconnecting from
the app.
Settings Panel
The settings panel now allows end users to view and
modify the following settings for the GlobalProtect app:
Connections
—The
Connections
tab
displays the portal(s) associated with the GlobalProtect account.
End users can add, edit, or delete portals from this tab. This tab
also displays the gateway to which the end user is connected. End
users can view connection statistics about the gateway (for example,
gateway IP address, location, and VPN session uptime) when you set
Enable
Advanced View
to
Yes
in the GlobalProtect
portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
Preferences
—The
Preferences
tab
is now available only if you configure at least one of the following
options:
Enable Biometric Sign-in
—End users
can choose to use biometric (fingerprint) information to sign in.
This option is available only if you configure the
Save
User Credentials
to
Only with User Fingerprint
in
the GlobalProtect agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
Authentication
). End users
must supply a fingerprint that matches a trusted fingerprint template on
the endpoint to use a saved password for authentication to GlobalProtect portal
and gateways.
Do not display a welcome page upon each successful
connection
—End users can choose to display a welcome
page upon successful login. This option is available only if you
set the
Welcome Page
to
factory-default
in
the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
Connect with SSL
—End users can choose to
use SSL or stay with IPSec. This option is available only if you
set
,
view information about the network configuration, route settings,
active connections, and logs and, if your administrator has given
you the ability to decide whether you want your endpoint to perform Autonomous DEM tests to determine
the cause of a user experience issue—you can toggle the
Enable
User Experience Tests
setting.
On Windows
endpoints, the
Troubleshooting
tab allows
end users to
Collect Logs
and set the logging
level to
Debug Logs
or
Dump Logs
and, if
your administrator has given you the ability to decide whether you
want your endpoint to perform Autonomous DEM tests to
determine the cause of a user experience issue—you can toggle the
Enable
user experience tests
setting.
Click
Advanced
to
access the Advanced Logging Settings window, which displays information
about the network configuration, route settings, active connections,
and logs.
Notifications
—The
Notifications
tab
displays the detailed information about specific notifications triggered
on the GlobalProtect app.
End users
are also notified if there are no new notifications triggered on the
GlobalProtect app.
Host Information Profile
—The
Host
Profile Information
tab displays the endpoint data that
GlobalProtect uses to monitor and enforce security policies using
the Host Information Profile.
End users can
Resubmit
to manually resubmit
HIP data to the gateway.
If you
configured multiple internal gateways in non-tunnel mode and internal
host detection, end users can click
More Details
to
monitor the Host Information Profile (HIP) report submission for
each gateway from a central location to help you to quickly troubleshoot
HIP related issues.
About
—The
About
tab displays
the version of GlobalProtect currently installed on the endpoint
and allows end users to
Check for Updates
.
Seamless Login
With the
On-Demand
connect method,
end users must launch the GlobalProtect app from the system tray
to manually initiate the connection. After the connection initiates,
users can continue the login process on the status panel to establish
the connection.
Optionally, if end users are logging in to GlobalProtect for
the first time on a Windows endpoint, they can now select the client
certificate from a list of valid certificates from the
Certificate
drop-down
to authenticate with the portal or gateway.
Optionally, if you require end users to accept terms of use to
comply with corporate policies and to see a page to review your
company’s terms of service before connecting to GlobalProtect, you
must set
Have User Accept Terms of Use Before Creating
Tunnel
to
Yes
in the GlobalProtect
portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
).
If end users do not accept terms of use, they will not be able
to connect to GlobalProtect.
Optionally, if end users click
Cancel
,
they must enter the IP address (or domain) of the GlobalProtect
portal, and then click
Connect
to initiate
the connection.
If multiple portals are saved on the app, select a portal from
the
Portal
drop-down. By default, the most
recently connected portal is pre-selected from the
Portal
drop-down.
Optionally, the endpoint is automatically connected to the
Best Available
gateway
(default) based on the configuration that you defined and the response
times of the available gateway. To manually connect to a specific gateway,
select the gateway from the
Change Gateway
drop-down
(external gateways only).
When end users disconnect from GlobalProtect by clicking
Disconnect
,
the status panel now displays the amount of time that GlobalProtect attempts
to reconnect.
With the
Always On
connect method, the
connection initiates automatically, which allows end users to establish
a connection without launching the GlobalProtect app. If you configure
the GlobalProtect portal to
Save User Credentials
,
the connection establishes automatically without requiring any user
interaction. If you disable the
Save User Credentials
option,
end users can log in and establish a connection by entering their
credentials.
When your end users password expires or a RADIUS or AD administrator requires
a password change at the next login, they can update their password
on the app. A notification appears when their password is about
to expire.
If prompted, end users must enter their
Current Password
,
New
Password
, and
Confirm Password
.
Then, click
Update Password
to reconnect
to GlobalProtect with their new password.
Resilient Connection
If you customize resilient VPN by specifying the
Automatic
Restoration of VPN Connection Timeout
to
Yes
in
the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), GlobalProtect automatically attempts
to attempt to reestablish the connection after the tunnel is disconnected. You
can configure the
Wait Time Between VPN Connection Restore Attempts
in
the GlobalProtect portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
) to adjust the amount of
time GlobalProtect waits between attempts to restore the connection
With the
Always On
connect method, if
the end user switches from an external network to an internal network
before the timeout value expires, GlobalProtect does not perform
network discovery. As a result, GlobalProtect restores the connection
to the last known external gateway.
To trigger an internal host detection, the end user must select
) to
designate a preferred gateway. Upon the next connection, the app
automatically connects to the preferred gateway. 
If you did not configure the GlobalProtect app to display the reasons for disconnecting, end users are prompted to provide a reason for disconnecting from the app.
On Windows endpoints, theTroubleshootingtab allows end users toCollect Logsand set the logging level toDebug LogsorDump Logsand, if your administrator has given you the ability to decide whether you want your endpoint to perform Autonomous DEM tests to determine the cause of a user experience issue—you can toggle theEnable user experience testssetting.ClickAdvancedto access the Advanced Logging Settings window, which displays information about the network configuration, route settings, active connections, and logs.
End users are also notified if there are no new notifications triggered on the GlobalProtect app.
If you configured multiple internal gateways in non-tunnel mode and internal host detection, end users can clickMore Detailsto monitor the Host Information Profile (HIP) report submission for each gateway from a central location to help you to quickly troubleshoot HIP related issues.
