>
    Features Introduced
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Features Introduced
    Download PDF
    GlobalProtect

    Features Introduced

    Table of Contents

    Features Introduced

    Learn about the exciting new features introduced in the GlobalProtect™ App 6.1 release.

    Features Introduced in GlobalProtect App 6.1.8 iOS

    The GlobalProtect App 6.1.8 iOS release is updated with the latest iOS SDK.

    Features Introduced in GlobalProtect App 6.1.x

    The following table describes the new features introduced in GlobalProtect app 6.1. For additional information on how to use the new features in this release, refer to the GlobalProtect App 6.1 New Features Guide.
    New GlobalProtect Feature
    Description
    Embedded Browser Framework Upgrade
    Starting with GlobalProtect 6.1.5, the embedded browser framework for SAML authentication has been upgraded to Microsoft Edge WebView2 (Windows) and WebKit (macOS). This provides a consistent experience between the embedded browser and the GlobalProtect client. WebView2 and WebKit are also compatible with FIDO2-based authentication methods. For more information, see the Microsoft Edge WebView2 documentation.
    By default, tenants using SAML authentication are configured to utilize the embedded WebView2 (Windows) or WebKit (macOS) instead of relying on the system's default browser. With this enhancement, there's no need for end users to configure a SAML landing page, eliminating the necessity to manually close the browser. This streamlines the authentication process.
    In a Microsoft entra-joined environment with SSO enabled, users are not required to enter their credentials in order to authenticate to Prisma Access using GlobalProtect. This seamless experience is true whether the user is logging in to their environment for the first time or whether they have logged in before. If there is an error during the authentication, it is displayed in the embedded browser. This authentication process works across all device states.
    In a non entra-joined environment with SSO enabled, users must enter their credentials during the initial login. On subsequent logins, the credentials are auto-filled as long as the SAML identity provider (IdP) session is active and has not timed out.
    Share Sheet SupportYou can now use the iOS and Android Share Sheet to share GlobalProtect logs. The iOS Share Sheet is supported on GlobalProtect 6.1.0 and later releases and Android Share Sheet is supported on GlobalProtect 6.1.5 (iOS and Android) and later releases.
    Advanced Internal Host Detection
    You can now configure advanced internal host detection through the portal to add an extra security layer during internal host detection by the GlobalProtect app. Enabling advanced internal host detection stops malicious actors from spoofing the reverse DNS server response during the internal host detection and thereby prevents malicious actors from accessing the enterprise network.
    Proxy Auto Configuration (PAC) Deployment from GlobalProtect
    You can now configure and push the URL for your proxy auto-configuration (PAC) files to your endpoints through the GlobalProtect portal. This feature enables you to manage the proxy settings for your endpoints using the GlobalProtect app.
    End-user Notification about GlobalProtect Session Logout
    You can now enable and customize end-user notifications about expiry of GlobalProtect app sessions on the gateway. These notifications inform the end users on Windows, macOS and Linux endpoints in advance when their app sessions are about to expire due to inactivity or expiry of the login lifetime and lets them know how much time is left before the app gets disconnected, preventing unexpected and abrupt app logout.
    Simplified and Seamless macOS GlobalProtect App Deployment Using Jamf MDM Integration
    You can now use Jamf Pro, one of the most widely used Apple device management platforms, to deploy the GlobalProtect app to macOS endpoints to support large-scale GlobalProtect app deployments in on-premises and Prisma Access environments. Administrators can also provide a seamless user experience for macOS end users by deploying Jamf configuration profiles that can automatically load system and network extensions, thus preventing the user from having to respond to notifications on the GlobalProtect app.
    Administrators can use Jamf Pro to manage and deploy the GlobalProtect mobile app for macOS, and enable system and network extensions on macOS endpoints using Jamf Pro.
    New Linux OS Support for Ubuntu
    GlobalProtect is now supported on endpoints running the following Linux OS versions for Ubuntu:
    • Ubuntu 20.04 LTS (CLI-based and GUI-based GlobalProtect app)
    • Ubuntu 22.04 LTS (CLI-based and GUI-based GlobalProtect app)
    New Linux OS Support for Red Hat Enterprise Linux (RHEL)
    (GlobalProtect app 6.1.1 and later releases) GlobalProtect is now supported on endpoints running the following Linux OS versions for RHEL.
    • Red Hat Enterprise Linux (RHEL) 8.7 (CLI-based and GUI-based GlobalProtect app)
    • Red Hat Enterprise Linux (RHEL) 9.1 (CLI-based and GUI-based GlobalProtect app)
    Split DNS and Split Domain (Linux OS)
    GlobalProtect now extends Split DNS and Split Tunnel Domain support to Linux platforms in addition to Windows and macOS.
    With Split DNS, you can configure which domains are resolved by the VPN assigned DNS servers and which domains are resolved by the local DNS servers.
    With Split Tunnel Domain, you can configure traffic for which domains are included over or excluded from the tunnel.
    Both Split DNS and Split-tunnel Domain features for Linux are configurable using existing portal and gateway configuration options
    Deploy the GlobalProtect App for iOS using Jamf Pro
    You can now use Jamf Pro, one of the most widely used Apple device management platforms, to deploy the GlobalProtect app to iOS endpoints.
    Administrators can manage and deploy the GlobalProtect app for iOS using Jamf Pro.
    Split DNS (iOS)
    (Requires GlobalProtect app 6.1.6 or later versions)
    GlobalProtect now extends Split DNS support to iOS platforms in addition to Linux, Windows, and macOS.
    With Split DNS , you can configure which domains are resolved by the GlobalProtect gateway assigned DNS servers and which domains are resolved by the local DNS servers.
    Proxy Auto Configuration (PAC) Deployment from GlobalProtect on Android Endpoints using MDM
    (Requires GlobalProtect app Android 6.1.7 or later versions)
    With this new GlobalProtect feature, you can configure and deploy proxy auto-configuration (PAC) file URLs on Android endpoints, using mobile device management (MDM) platforms. By pushing these configurations through mobile device management (MDM), the proxy settings are uniformly applied across all android endpoints, ensuring seamless deployment and consistent security measures.
    You can use the key proxy-url to add the PAC file URL while creating an app configuration policy rule on Android endpoints using mobile device management (MDM) platforms..
    The supported PAC file URL method includes the Proxy Auto-configuration (PAC) standard and the feature is supported on Android version 11 and later.

    © 2025 Palo Alto Networks, Inc. All rights reserved.