Features Introduced in GlobalProtect App 6.0


Features Introduced in GlobalProtect App 6.0

Table of Contents

Features Introduced in GlobalProtect App 6.0

Learn about the exciting new features introduced in the GlobalProtect™ App 6.0 release.
The following table describes the new features introduced in GlobalProtect app 6.0. For additional information on how to use the new features in this release, refer to the GlobalProtect App 6.0 New Features Guide.
New GlobalProtect Feature
Redesigned GlobalProtect App User Interface for Windows and macOS
GlobalProtect app 6.0 for Windows and macOS now introduces a more streamlined user interface and a more intuitive connection process. The redesigned app features improved workflows that enable end users to quickly understand connectivity and access issues. With this redesign, end users can enable features that they prefer to use from a central location. Additionally, end users can monitor specific notifications and Host Information Profile (HIP) report submissions sent to multiple internal gateways from a central location to help you to quickly troubleshoot HIP related issues.
Improved Connectivity Experience for the GlobalProtect App for Android and iOS
To enable a better user experience, GlobalProtect app 6.0 for Android and iOS endpoints now provides an improved connection workflow. The GlobalProtect app now displays informative connectivity error messages while the end user is connecting to the gateway. Additionally, when you configure GlobalProtect with the
Always On
connect method, the home screen now displays
state with a disconnect message to prevent end users from disconnecting when they try to tap the
Improved Authentication Experience for the GlobalProtect App for Windows and macOS
To enable a better user experience, you can now configure the GlobalProtect app to continue to display the status panel while the end user is entering their credentials when logging in or cancels the request.
Available with Content Release Version 8450-6909 or later.
SAML Authentication with Cloud Authentication Service (Windows 10, macOS, Linux, iOS, and Android)
If you have set up the GlobalProtect portal to authenticate users through Security Assertion Markup Language (SAML) authentication, you can now leverage the Cloud Authentication Service to enable users to authenticate to GlobalProtect using a cloud identity provider, such as Onelogin or Okta.
Security Policy Enforcement for Inactive GlobalProtect Sessions
You can now enforce a security policy rule to track traffic from endpoints while end users are connected to GlobalProtect and to quickly log out inactive GlobalProtect sessions. With this enhancement, you can now enforce a shorter inactivity logout period. If a GlobalProtect session remains inactive during the configured time period, the session is automatically logged out and the VPN tunnel is terminated.
GlobalProtect for ARM64-Based Windows Devices
GlobalProtect now extends native support for ARM64-based Windows devices. This enables Palo Alto Networks customers to secure their remote workforce using ARM64-based Windows devices to access all features that are available on the GlobalProtect app, and allows uniform endpoint security policy and enforcement similar to Intel-based Windows devices.
No Direct Access to Local Network Support for Linux
GlobalProtect now extends support for Linux devices to allow you to enable or disable local network access whenever end users are connected to GlobalProtect similar to Windows and macOS. Excluding local subnets from tunnel and allowing local subnet access enables end users to access proxies and local resources (such as local printers) directly without sending any local subnet traffic through the VPN tunnel. If you do not want end users to access local subnets, you can disable traffic to local subnets.
GlobalProtect Certificate Delegation for Android Devices Using Workspace ONE
Android 8 and later releases
) You can now use a mobile device management (MDM) system such as Workspace ONE to grant permission to the GlobalProtect app for certificate delegation. This enables the GlobalProtect app for Android devices to select a client certificate based on the client certificate alias without first prompting GlobalProtect app users to manually select a certificate.
Single Sign-On (SSO) Using Smart Card Authentication
The GlobalProtect app now supports SSO using smart card authentication to reduce the number of times end users must enter their smart card Personal Identification Number (PIN) when they log in to their Windows 10 endpoint or to authenticate to GlobalProtect. Leveraging the same smart card PIN for GlobalProtect with their Windows 10 endpoint enables end users to connect without having them to re-enter their smart card PIN in the app for a seamless SSO experience. After the end user successfully logs in to the Windows 10 endpoint, the app acquires and remembers their smart card PIN to authenticate with the portal and gateway.
Available with Content Release version 8451-6911 or later.
Endpoint Traffic Policy Enforcement (Windows 10, ARM64-Based Windows 10, macOS 11 and later releases, and ARM-Based macOS 11 and later releases)
With the Endpoint Traffic Policy Enforcement feature, GlobalProtect now provides added security to protect your remote workforce. You can now use the Endpoint Traffic Policy feature on the GlobalProtect endpoint to block malicious inbound connections and to restrict any applications from bypassing the GlobalProtect tunnel. Additionally, you can prevent end users from tampering with the routing table to bypass the GlobalProtect tunnel.
Available with Content Release Version 8450-6909 or later.
Simplified and Seamless macOS GlobalProtect App Deployment Using Jamf MDM Integration
You can now use Jamf Pro to deploy the GlobalProtect app 6.0.4 and later releases to macOS endpoints to support large-scale GlobalProtect app deployments in on-premises and Prisma Access environments. Administrators can also provide a seamless user experience for macOS end users by deploying Jamf configuration profiles that can load system and network extensions automatically, thus preventing the user from having to respond to notifications on the GlobalProtect app.
FIPS-CC Mode for GlobalProtect on (Windows and macOS, ARM-based devices running on Windows and macOS, iOS, Android, and Linux)
Requires GlobalProtect app 6.0.7 version
In preparation for submitting the GlobalProtect 6.0 app for FIPS-CC certification, the GlobalProtect app for Windows and macOS endpoints, ARM-based devices running on Windows and macOS, iOS, Android, and Linux has been updated to meet FIPS-CC requirements. The GlobalProtect app FIPS-CC is supported on x86 and ARM-based platforms.
With this feature, you can deploy the GlobalProtect app in FIPS-CC mode to enforce stronger security checks for your users, including the following:
  • Enhanced certificate validity checks
  • Stricter x509v3 certificate checks, such as OCSP/CRL checks and extended key usage checks
  • Algorithm health checks (such as FIPS self-tests and integrity checks) to verify the system integrity and ensure that GlobalProtect uses the correct cryptography for secure communication
  • Use of FIPS and CC compliant algorithms for enhanced security (for example, to ensure that GlobalProtect does not use weak algorithms or key sizes)
  • Updated logging that provides the results of these security checks
Federal Information Processing Standard (FIPS 140-3) and Common Criteria (CC) are security certifications that ensure a standard set of security assurances and functionalities. These certifications are often required by U.S. government agencies and other domestic and international regulated industries.

Recommended For You