GlobalProtect Features

What are the new GlobalProtect features for PAN-OS 11.1?
The following section describes new GlobalProtect features introduced in PAN-OS 11.1. For features related to the GlobalProtect app, see the GlobalProtect App 6.1 Release Notes.

GlobalProtect Portal and Gateway Support for TLSv1.3

November 2023
  • Introduced in PAN-OS 11.1.0
You can now configure SSL/TLS service profiles that use TLSv1.3 on the firewall hosting the GlobalProtect portal or gateway, so that TLS connections between GlobalProtect components are established over TLSv1.3. TLSv1.3 is the latest version of the TLS protocol; it increases network security by removing the weak ciphers supported in earlier versions of TLS and adding more secure cipher suites. In addition, the GlobalProtect gateway and portal now support the following TLSv1.3 cipher suites:
  • TLS-AES-128-GCM-SHA256
  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
You can configure SSL/TLS service profiles with TLSv1.3 to provide enhanced security and a faster TLS handshake when establishing connections between GlobalProtect components. To provide the strongest security, you must set both the minimum and maximum supported versions to TLSv1.3 in the SSL/TLS service profile.
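One way to confirm from a client that a portal or gateway enforces a TLSv1.3-only profile, as an added example that is not Palo Alto Networks code: it offers one protocol version per connection and checks the negotiated suite against the three listed above. The host argument is supplied by the operator, and the default port of 443 is an assumption.

```python
import socket
import ssl
import sys

# The three suites listed above, in the underscore form Python/OpenSSL report.
PAGE_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
}
PROBED = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def handshake(host, port, version, timeout=5.0):
    """Offer exactly one TLS version; return (protocol, suite) or None if refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probing protocol support only, not trust
    ctx.minimum_version = version
    ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
        except (ssl.SSLError, ConnectionError):
            return None  # server rejected this protocol version


def audit(results):
    """results maps ssl.TLSVersion -> handshake() result; returns a list of findings."""
    findings = []
    tls13 = results.get(ssl.TLSVersion.TLSv1_3)
    if tls13 is None:
        findings.append("TLSv1.3 handshake failed")
    elif tls13[1].replace("-", "_") not in PAGE_SUITES:
        findings.append("unexpected TLSv1.3 suite: " + tls13[1])
    if results.get(ssl.TLSVersion.TLSv1_2) is not None:
        findings.append("TLSv1.2 accepted: profile minimum is below TLSv1.3")
    return findings


if __name__ == "__main__":
    host = sys.argv[1]  # portal or gateway FQDN, supplied by the operator
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443  # assumed default
    problems = audit({v: handshake(host, port, v) for v in PROBED})
    print("\n".join(problems) or "OK: TLSv1.3 only, suite from the documented list")
    sys.exit(1 if problems else 0)
```

A network failure before the handshake raises an exception instead of being reported as a refusal, so an unreachable host is not mistaken for a correctly restricted one.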

Use Default Browser for SAML/CAS Authentication

November 2023
  • Introduced in PAN-OS 11.1.0
This feature enables you to configure the GlobalProtect app, through the Client Authentication setting of the portal configuration, to use the default browser to authenticate to the GlobalProtect portal. You can now select the Use Default Browser option on the Client Authentication screen so that the app uses the default browser for SAML/CAS authentication when authenticating to the portal for the first time. The Use Default Browser option is displayed on the Client Authentication screen only when you choose SAML/CAS as the authentication profile.
Starting from PAN-OS 11.1, you do not need to set the pre-deployment keys/plist entries to choose whether the app should use the default browser or the embedded browser; instead, you can configure this through the Client Authentication setting of the portal configuration.
End users can benefit from using the default system browser for SAML authentication because they can leverage the same login for GlobalProtect with their saved user credentials on the default system browser such as Chrome, Firefox, or Safari.
This feature is available starting from PAN-OS 11.1. For earlier PAN-OS versions, you must use the pre-deployment registry key/plist setting.