New Features - GlobalProtect - 6.2
CIE (SAML) Authentication using Embedded Web-view
Enterprises often require strict security compliance controls that necessitate periodic user verification, even when existing SAML tokens remain valid. Previously, users reconnecting the GlobalProtect app with Cloud Identity Engine (CIE) authentication were not prompted to re-enter their credentials, which created potential security gaps and compliance challenges. This enhancement introduces support for CIE (SAML) authentication using an embedded web-view, eliminating the need for complex pre-deployment configuration. Crucially, this feature supports force authentication: you can configure the GlobalProtect® app to prompt end users to reauthenticate whenever they reconnect, even if the underlying SAML token has not yet expired. This ensures stricter access control and helps your organization achieve stringent security compliance goals.
Available in PAN-OS 11.2.0 and later releases.
CLI Support to Connect to the GlobalProtect App with SAML Authentication
Added in GlobalProtect 6.2.1.
Previously, if you managed headless Linux servers or relied on automated scripts, establishing a GlobalProtect® connection with SAML authentication was a challenge because it required a graphical user interface (GUI). This limitation prevented you from deploying the GlobalProtect app in server-only environments and made it difficult to integrate secure remote access into your automated workflows.
To solve this, you can now use the command-line interface (CLI) to connect to GlobalProtect when using SAML authentication with the default browser. You can securely initiate, manage, and terminate GlobalProtect app sessions directly from the command line, removing the dependency on a desktop environment.
This functionality is available starting with the GlobalProtect app for Linux version 6.2.1 and is supported on distributions including Fedora, Ubuntu, and Red Hat Enterprise Linux (RHEL). This gives you greater deployment flexibility and ensures resilient, secure access across your automated systems.