Focus

GlobalProtect Features

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Networking
Quick Start
Reference
Incidents & Alerts
Release Notes
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
Help
Select a Document
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1

Zone Protection Features

IoT Security Features

GlobalProtect Features

What are the new GlobalProtect features for PAN-OS 11.1?

The following section describes new GlobalProtect features introduced in PAN-OS 11.1. For features related to the GlobalProtect app, see the GlobalProtect App 6.1 Release Notes.

GlobalProtect Portal and Gateway Support for TLSv1.3

November 2023

Introduced in PAN-OS 11.1.0

You can now configure SSL/TLS service profiles using TLSv1.3 on the firewall that is hosting the GlobalProtect portal or gateway to establish TLS connectivity between GlobalProtect components. TLSv1.3 is the latest version of the TLS protocol, which provides increased network security by removing the weak ciphers supported in the earlier versions of TLS and adding more secure cipher suites. In addition, the GlobalProtect gateway and portal now support the following TLSv1.3 cipher suites:

TLS-AES-128-GCM-SHA256
TLS-AES-256-GCM-SHA384
TLS-CHACHA20-POLY1305-SHA256

You can configure SSL/TLS service profiles with TLSv1.3 to provide enhanced security and a faster TLS handshake while establishing connection between GlobalProtect components. To provide the strongest security, you must set both the minimum and maximum supported version as TLSv1.3 in the SSL/TLS service profile.

Use Default Browser for SAML/CAS Authentication

November 2023

Introduced in PAN-OS 11.1.0

This feature enables you to configure the GlobalProtect app to use the default browser to authenticate to the GlobalProtect portal through the Client Authentication setting of the portal configuration. You can now select the Use Default Browser option on the Client Authentication screen for the app to use the default browser for SAML/CAS authentication to authenticate to the portal for the first time. The Use Default Browser option is displayed on the Client Authentication screen only when you choose SAML/CAS as the authentication profile.

Starting from PAN-OS 11.1, you do not need to set the pre-deployment keys/plist entries to configure the app to choose whether the app should use the default browser or embedded browser instead you can configure it through the Client Authentication setting of the portal configuration.

End users can benefit from using the default system browser for SAML authentication because they can leverage the same login for GlobalProtect with their saved user credentials on the default system browser such as Chrome, Firefox, or Safari.

This feature is available starting from the PAN-OS 11.1 version. For the earlier PAN-OS versions, you must use the predeployment registry key/plist setting.

Zone Protection Features

IoT Security Features

Next-Generation Firewall Docs

GlobalProtect Features

Next-Generation Firewall Docs

GlobalProtect Features

GlobalProtect Portal and Gateway Support for TLSv1.3

Use Default Browser for SAML/CAS Authentication

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner