>
    Strata Copilot
    Changes to Default Behavior
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Changes to Default Behavior
    Download PDF
    GlobalProtect

    Changes to Default Behavior

    Table of Contents

    Changes to Default Behavior

    Changes to default behavior in GlobalProtect app 6.3.
    The following topics describe changes to default behavior in GlobalProtect app 6.2:

    Changes to Default Behavior in GlobalProtect App 6.2.6

    You can now use the new system extension type Non-removable system extensions from UI introduced by Jamf Pro for the devices running on macOS 15 Sequoia or later versions to prevent the end users from disabling the GlobalProtect system extensions on the endpoints. GlobalProtect app version 6.2.6 and later supports macOS 15 Sequoia. This functionality is available only for the devices running on macOS 15 Sequoia or later versions.
    You can configure this feature to prevent the end users from disabling GlobalProtect system extensions on their endpoints thereby reducing the risks associated with disabled system extensions.
    Previously, end users could disable the GlobalProtect system extension through the MDM settings (GeneralSettingsNetwork Extensions.) However, with this new feature, the Non-removable system extensions from UI system extension type in Jamf Pro restricts users from disabling the GlobalProtect system extension.
    To enable this functionality, you must perform the following procedures:
    1. Upgrade the GlobalProtect app to version 6.2.6 or later
    2. Upgrade the macOS to version 15 Sequoia or later
    3. In the mobile device management (MDM), Jamf Pro, set the System Extension Type as Non-removable system extensions from UI while configuring Configuration Profile.
    If the GlobalProtect system extensions are disabled by the end-user, the following GlobalProtect features do not work:
    • Split-tunnel by domain
    • Split-tunnel by app
    • Enforcer
    • Split-DNS
    • Traffic Enforcement

    Changes to Default Behavior in GlobalProtect App 6.2.5

    The following topics describe changes to default behavior in GlobalProtect app 6.2.5:
    • Starting with GlobalProtect 6.2.5, if the saml-browser-order pre-deployment key is not set or set to yes, the user will not be able to bring other windows in front of the saml embedded browser. If the saml-browser-order pre-deployment key is set to no, the user will be able to bring other windows in front of the saml embedded browser.
    • When a captive portal is detected on Windows computers, GlobalProtect launches the system default browser (Chrome, Safari, or Firefox).

    Changes to Default Behavior in GlobalProtect App 6.2.4

    There are no changes to default behavior in GlobalProtect app 6.2.4.

    Changes to Default Behavior in GlobalProtect App 6.2.2

    If your Prisma Access tenant is IP Optimization enabled (available starting in Prisma Access 5.0.1), the minimum required GlobalProtect app versions are 6.1.4 and later, 6.2.3 and later, or 6.3 and later.

    Changes to Default Behavior in GlobalProtect App 6.2.1

    • If your Prisma Access tenant is IP Optimization enabled (available starting in Prisma Access 5.0.1), the minimum required GlobalProtect app versions are 6.1.4 and later, 6.2.3 and later, or 6.3 and later.
    • Starting from GlobalProtect Linux version 6.2.1, you must use the following commands to install the CLI or GUI versions of the app.
      • To install the GlobalProtect UI package- $ ./gp_install.sh
      • To install the GlobalProtect CLI package- $ ./gp_install.sh --cli-only
      You don't need to run the ./gp_install.sh with sudo for GlobalProtect app Linux 6.2.1 and later versions. As the script executes, users will be prompted to enter the sudo password.

    Changes to Default Behavior in GlobalProtect App 6.2.0

    There are no changes to default behavior in GlobalProtect app 6.2.0.

    © 2025 Palo Alto Networks, Inc. All rights reserved.