Download and Install the GlobalProtect Mobile App
The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As with other remote endpoints running the GlobalProtect app, the mobile app provides secure access to your corporate network over an IPsec or SSL VPN tunnel. The app automatically connects to the gateway that is closest to the end user’s current location. In addition, traffic to and from the endpoint is automatically subject to the same security policy enforcement as other hosts on your corporate network. The mobile app also collects information about the host configuration and can use this information for enhanced HIP-based security policy enforcement.
There are two primary methods for installing the GlobalProtect app: You can deploy the app from your third-party MDM and transparently push the app to your managed endpoints; or, you can install the app directly from the official store for your endpoint:
This workflow describes how to install the GlobalProtect app directly on the mobile endpoint. For instructions on how to deploy the GlobalProtect app from AirWatch, see Deploy the GlobalProtect Mobile App Using AirWatch.
- Create an agent configuration for testing the app installation.As a best practice, create an agent configuration that is limited to a small group of users, such as administrators in the IT department responsible for administering the firewall:
- Select an existing portal configuration to modify orAdda new one.
- On theAgenttab, either select an existing configuration orAdda new configuration to deploy to the test users/group.
- On theUser/User Grouptab,AddtheUser/User Groupwho will be testing the app.
- Select theOSfor the app you are testing (iOS,Android, orWindowsUWP).
- (Optional) Select the agent configuration that you just created/modified, and then clickMove Upso that it is higher on the list than the more generic configurations you have created.
- Committhe changes.
- From the endpoint, follow the prompts to download and install the app.
- On Android endpoints, search for the app on Google Play.
- On iOS endpoints, search for the app at the App Store.
- On Windows 10 UWP endpoints, search for the app at the Microsoft Store.
- Launch the app.When successfully installed, the GlobalProtect app icon displays on the endpoint’s Home screen. To launch the app, tap the icon. When prompted to enable GlobalProtect VPN functionality, tapOK.
- Connect to the portal.
- When prompted, enter thePortalname or address, UserName, andPassword. The portal name must be an FQDN and it should not include the https:// at the beginning.
- TapConnectand verify that the app successfully establishes a connection to GlobalProtect.If a third-party mobile endpoint management system is configured, the app prompts you to enroll.