1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. Mobile Device Management
    5. Set Up the MDM Integration With GlobalProtect
    6. Manage the GlobalProtect App Using a Qualified Third-Party MDM
    7. Always On VPN Configurations
    8. Configure an Always On VPN Configuration for Android on Chromebooks Using the Google Admin Console
    End-of-Life (EoL)

    Configure an Always On VPN Configuration for Android on Chromebooks Using the Google Admin Console

    The GlobalProtect app for Chrome OS is deprecated and replaced with the app for Android.
    Chromebooks support Always On VPN through extended support for the GlobalProtect app for Android. In an Always On VPN configuration, the secure GlobalProtect connection is always on. Traffic that matches specific filters (such as port and IP address) configured on the GlobalProtect gateway is always routed through the VPN tunnel. By enabling your end users to run the GlobalProtect app for Android on their Chromebooks, you can ensure that they are always connected to GlobalProtect and have access to always on security.
    Follow these recommendations to configure an Always On VPN configuration for Chromebooks:
    Use the following steps to configure an Always On VPN configuration for Android on Chromebooks using the Google Admin console:
    1. From your Palo Alto Networks firewall, Set Up Access to the GlobalProtect Portal.
    3. From your portal agent configuration (
      Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      ), select
      App
       to customize the GlobalProtect app.
      • To configure the GlobalProtect connection to be always on, set the
        Connect Method
         to
        User-logon (Always On)
        .
      • To prevent users from disabling the GlobalProtect app, set the
        Allow User to Disable GlobalProtect App
         option to
        Disallow
        .
    4. Enable transparent authentication for GlobalProtect.
      To prevent users from skipping GlobalProtect authentication prompts and thereby bypass the GlobalProtect connection upon disconnecting from GlobalProtect, configure one of the following options for transparent authentication:
      • Enable users to authenticate to GlobalProtect transparently using client certificate authentication.
      • Enable the GlobalProtect app to save both the username and password for transparent login.
        1. From your portal agent configuration (
          Network
          GlobalProtect
          Portals
          <portal-config>
          Agent
          <agent-config>
          ), select
          Authentication
          .
        2. Set the
          Save User Credentials
           option to
          Yes
          .
        3. Click
          OK
           twice to save the portal agent configuration.
    5. Commit
       your changes on the firewall.
    6. Prevent Chromebook users from bypassing GlobalProtect using Chrome OS VPN settings.
      1. Log in to the Google Admin console as an administrator.
      3. Blacklist the Chrome settings (
        chrome://settings
        ) to prevent users from modifying any VPN settings:
        1. Select
          Device Management
          Chrome management
          User Settings
          .
        2. In the Content > URL Blocking area, enter
          chrome://settings
           in the
          URL Blacklist
           text box.
      4. SAVE
         your changes.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo