Deploy the GlobalProtect Mobile App Using AirWatch

The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As with other remote hosts running the GlobalProtect agent, the mobile app provides secure access to your corporate network over an IPSec or SSL VPN tunnel. The app connects to the gateway that is closest to the end user’s current location. In addition, traffic to and from the mobile endpoint is automatically subject to the same security policy enforcement as other hosts on your corporate network. Like the GlobalProtect agent, the app collects information about the host configuration and can use this information for enhanced HIP-based security policy enforcement.
There are two primary methods for installing the GlobalProtect app: You can you can install the app directly from the app store for your endpoint (see Download and Install the GlobalProtect Mobile App); or, deploy the app from a third-party mobile endpoint management system (such as AirWatch) and transparently push the app to your managed endpoints.
With AirWatch, you can deploy the GlobalProtect app to managed endpoints that have enrolled with AirWatch. Endpoints running iOS or Android must download the AirWatch agent to enroll with the AirWatch EDM. Windows 10 endpoints do not require the AirWatch agent but require you to configure enrollment on the endpoint. After you deploy the app, configure and deploy a VPN profile to set up the GlobalProtect app for the end user automatically.
  1. Before you begin, ensure that the endpoints to which you want to deploy the GlobalProtect app are enrolled with AirWatch:
    • Android and iOS—Download the AirWatch agent and following the prompts to enroll.
    • Windows Phone and Windows 10 UWP—Configure the Windows 10 UWP endpoint to enroll with AirWatch (from the endpoint, select SettingsAccountsWork accessConnect).
  2. From AirWatch, select Apps & BooksPublicAdd Application.
  3. Select the organization group by which this app will be managed.
  4. Select the Platform, either Apple iOS, Android, or Windows Phone.
  5. Search for the app in the app store for the endpoint or enter the URL of the GlobalProtect app page:
  6. Click Next. If you chose to search for the app the app store for the endpoint, you must also Select the app from a list of search results.
    If you chose to search for the GlobalProtect app for Android and did not see the app in the list, contact your Android for Work administrator to add GlobalProtect to the list of approved company apps.
  7. On the Assignment tab, select Assigned Smart Groups that will have access to this app.
  8. On the Deployment tab, select the Push Mode, either Auto or On Demand.
  9. Select Save & Publish to push the App Catalog to the endpoints in the Smart Groups you assigned in the Assignment section.
  10. Next steps:

Related Documentation