Features Introduced in GlobalProtect App 6.0

Learn about the exciting new features introduced in the GlobalProtect™ App 6.0 release.
The following table describes the new features introduced in GlobalProtect app 6.0. For additional information on how to use the new features in this release, refer to the GlobalProtect App 6.0 New Features Guide.
New GlobalProtect Feature
Description
Redesigned GlobalProtect App User Interface for Windows and macOS
GlobalProtect app 6.0 for Windows and macOS now introduces a more streamlined user interface and a more intuitive connection process. The redesigned app features improved workflows that enable end users to quickly understand connectivity and access issues. With this redesign, end users can enable features that they prefer to use from a central location. Additionally, end users can monitor specific notifications and Host Information Profile (HIP) report submissions sent to multiple internal gateways from a central location to help you to quickly troubleshoot HIP related issues.
Improved Connectivity Experience for the GlobalProtect App for Android and iOS
To enable a better user experience, GlobalProtect app 6.0 for Android and iOS endpoints now provides an improved connection workflow. The GlobalProtect app now displays informative connectivity error messages while the end user is connecting to the gateway. Additionally, when you configure GlobalProtect with the
Always On
connect method, the home screen now displays
CONNECTED
state with a disconnect message to prevent end users from disconnecting when they try to tap the
Connect
icon.
Improved Authentication Experience for the GlobalProtect App for Windows and macOS
To enable a better user experience, you can now configure the GlobalProtect app to continue to display the status panel while the end user is entering their credentials when logging in or cancels the request.
Available with Content Release Version 8450-6909 or later.
SAML Authentication with Cloud Authentication Service (Windows 10, macOS, Linux, iOS, and Android)
If you have set up the GlobalProtect portal to authenticate users through Security Assertion Markup Language (SAML) authentication, you can now leverage the Cloud Authentication Service to enable users to authenticate to GlobalProtect using a cloud identity provider, such as Onelogin or Okta.
Security Policy Enforcement for Inactive GlobalProtect Sessions
You can now enforce a security policy rule to track traffic from endpoints while end users are connected to GlobalProtect and to quickly log out inactive GlobalProtect sessions. With this enhancement, you can now enforce a shorter inactivity logout period. If a GlobalProtect session remains inactive during the configured time period, the session is automatically logged out and the VPN tunnel is terminated.
GlobalProtect for ARM64-Based Windows Devices
GlobalProtect now extends native support for ARM64-based Windows devices. This enables Palo Alto Networks customers to secure their remote workforce using ARM64-based Windows devices to access all features that are available on the GlobalProtect app, and allows uniform endpoint security policy and enforcement similar to Intel-based Windows devices.
No Direct Access to Local Network Support for Linux
GlobalProtect now extends support for Linux devices to allow you to enable or disable local network access whenever end users are connected to GlobalProtect similar to Windows and macOS. Excluding local subnets from tunnel and allowing local subnet access enables end users to access proxies and local resources (such as local printers) directly without sending any local subnet traffic through the VPN tunnel. If you do not want end users to access local subnets, you can disable traffic to local subnets.
GlobalProtect Certificate Delegation for Android Devices Using Airwatch
(
Android 8 and later releases
) You can now use a mobile device management (MDM) system such as AirWatch to grant permission to the GlobalProtect app for certificate delegation. This enables the GlobalProtect app for Android devices to select a client certificate based on the client certificate alias without first prompting GlobalProtect app users to manually select a certificate.
Single Sign-On (SSO) Using Smart Card Authentication
The GlobalProtect app now supports SSO using smart card authentication to reduce the number of times end users must enter their smart card Personal Identification Number (PIN) when they log in to their Windows 10 endpoint or to authenticate to GlobalProtect. Leveraging the same smart card PIN for GlobalProtect with their Windows 10 endpoint enables end users to connect without having them to re-enter their smart card PIN in the app for a seamless SSO experience. After the end user successfully logs in to the Windows 10 endpoint, the app acquires and remembers their smart card PIN to authenticate with the portal and gateway.
Available with Content Release version 8451-6911 or later.
Endpoint Traffic Policy Enforcement (Windows 10, ARM64-Based Windows 10, macOS 11 and later releases, and ARM-Based macOS 11 and later releases)
With the Endpoint Traffic Policy Enforcement feature, GlobalProtect now provides added security to protect your remote workforce. You can now use the Endpoint Traffic Policy feature on the GlobalProtect endpoint to block malicious inbound connections and to restrict any applications from bypassing the GlobalProtect tunnel. Additionally, you can prevent end users from tampering with the routing table to bypass the GlobalProtect tunnel.
Available with Content Release Version 8450-6909 or later.

Recommended For You