Download and Install the GlobalProtect Mobile App

The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As with other remote endpoints running the GlobalProtect app, the mobile app provides secure access to your corporate network over an IPsec or SSL VPN tunnel. The app automatically connects to the gateway that is closest to the end user’s current location. In addition, traffic to and from the endpoint is automatically subject to the same security policy enforcement as other hosts on your corporate network. The mobile app also collects information about the host configuration and can use this information for enhanced HIP-based security policy enforcement.
There are two primary methods for installing the GlobalProtect app: You can deploy the app from your third-party MDM and transparently push the app to your managed endpoints; or, you can install the app directly from the official store for your endpoint:
This workflow describes how to install the GlobalProtect app directly on the mobile endpoint. For instructions on how to deploy the GlobalProtect app from AirWatch, see Deploy the GlobalProtect Mobile App Using AirWatch.
  1. Create an agent configuration for testing the app installation.
    As a best practice, create an agent configuration that is limited to a small group of users, such as administrators in the IT department responsible for administering the firewall:
    1. Select NetworkGlobalProtectPortals.
    2. Select an existing portal configuration to modify or Add a new one.
    3. On the Agent tab, either select an existing configuration or Add a new configuration to deploy to the test users/group.
    4. On the User/User Group tab, Add the User/User Group who will be testing the app.
    5. Select the OS for the app you are testing (iOS, Android, or WindowsUWP).
    6. (Optional) Select the agent configuration that you just created/modified, and then click Move Up so that it is higher on the list than the more generic configurations you have created.
    7. Commit the changes.
  2. From the endpoint, follow the prompts to download and install the app.
    • On Android endpoints, search for the app on Google Play.
    • On iOS endpoints, search for the app at the App Store.
    • On Windows 10 UWP endpoints, search for the app at the Microsoft Store.
  3. Launch the app.
    When successfully installed, the GlobalProtect app icon displays on the endpoint’s Home screen. To launch the app, tap the icon. When prompted to enable GlobalProtect VPN functionality, tap OK.
  4. Connect to the portal.
    1. When prompted, enter the Portal name or address, User Name, and Password. The portal name must be an FQDN and it should not include the https:// at the beginning.
    2. Tap Connect and verify that the app successfully establishes a connection to GlobalProtect.
      If a third-party mobile endpoint management system is configured, the app prompts you to enroll.

Related Documentation