GlobalProtect App 5.0 Beta for iOS 12

by ebang on ‎07-03-2018 02:29 PM - edited on ‎07-10-2018 11:39 PM by Community Manager (11,019 Views)

GlobalProtect app 4.1.x and earlier releases do not support iOS 12. With added support for iOS 12 in the upcoming GlobalProtect app 5.0 for iOS, Palo Alto Networks is announcing the beta availability of GlobalProtect app 5.0 for iOS to prepare you for the iOS 12 release.


NOTE: GlobalProtect app 5.0 beta supports iOS 10 and later releases.


You can register to test GlobalProtect app 5.0 beta at: Upon registration and approval, you will be provided with the GlobalProtect app 5.0 beta software and related documentation, including the beta Release Notes, New Features Guide, and MDM VPN profile configuration details. You can also view the beta documentation on the Live Community Beta Portal.


NOTE: After your beta registration is approved, you will receive an email from the Apple TestFlight program to the email address that you provided during registration. Please open this email from your iOS endpoint, and then follow the instructions to install the TestFlight app and then GlobalProtect app 5.0 beta from within the TestFlight app.


This article provides the following information on how to deploy GlobalProtect app 5.0 beta to beta users:


NOTE: We recommend that GlobalProtect app 5.0 beta users uninstall GlobalProtect app 4.1.x before installing GlobalProtect app 5.0 beta on their iOS endpoints.


Replacing GlobalProtect App 4.1.x and Earlier Releases with GlobalProtect App 5.0 Beta for Beta Users

Use the following workflows to replace GlobalProtect app 4.1.x and earlier releases with GlobalProtect app 5.0 beta for beta users on iOS endpoints:

Beta Deployment options


Manual installation of GlobalProtect app 5.0 beta

All beta users must use the following steps to install GlobalProtect app 5.0 beta manually:

1.     Take note of your portal address and user credentials (if applicable), as you will need to re-enter them on the new GlobalProtect app.

2.     Uninstall previous versions of the GlobalProtect app (4.1.x and earlier releases) from your iOS endpoint.

3.     Install the TestFlight app from the App Store.

4.     Contact your GlobalProtect administrator to request access to GlobalProtect app 5.0 beta.

5.     When you receive the beta invitation email, tap the link to Open in TestFlight.

6.     From the TestFlight app, INSTALL GlobalProtect app 5.0 beta.

7.     After GlobalProtect app 5.0 beta installs successfully, launch the app.

8.     When prompted, enter the following information:

·       Portal Address

·       (Optional) Username and Password

Deployment of VPN profiles for beta users from a mobile device management system

(for managed endpoints)

If you manage iOS endpoints using a mobile device management (MDM) system, use the following steps to deploy a VPN profile for your beta users from the MDM:

1.     On the MDM, create a custom VPN profile.

a.     (Optional) If you are using client certificate-based authentication, deploy a client certificate.

b.     (Optional) If you are using MDM integration for HIP-based policy enforcement, specify the UDID attribute.

2.     Deploy the custom VPN profile on all enrolled iOS endpoints that will be using GlobalProtect app 5.0 beta.

3.     Delete the VPN profiles and client certificates associated with previous versions of the GlobalProtect app (4.1.x and earlier releases) from the MDM.

After you deploy the VPN profile, beta users must re-enter any information that is not pushed from the MDM server on the new app:

1.     Launch GlobalProtect app 5.0 beta.

2.     (Optional) If your MDM administrator has not specified a portal address in the VPN profile, enter the Portal Address.

3.     (Optional) If prompted, enter your Username and Password.

Mobile Device Management Changes for Beta Users

In order for GlobalProtect app 5.0 beta to deploy and connect successfully in MDM-based deployments, you must push updated VPN profiles that reference the new GlobalProtect app from the MDM server to all enrolled mobile endpoints that will be using the app.


NOTE: You can contact your MDM vendor for assistance with implementing these changes.

by DrewMorrow
on ‎07-04-2018 10:53 AM
by Community Manager
on ‎07-05-2018 04:13 AM

Thanks for the report @DrewMorrow.

We'll review and fix asap

by Community Manager
on ‎07-05-2018 09:45 AM

@DrewMorrow fixed!

on ‎07-06-2018 11:56 AM

I can hit the beta site with no issue. I have no devices listed and click submit, to get to the next step, but an error message appears:


"Please select devices."


So I'm still in a catch 22. The beta site says that if you don't have any devices listed, click submit. And when I do, I get the above. 


Any suggestions?





by Community Manager
on ‎07-06-2018 12:17 PM



Have you gone through the registration and have you received confirmation you were onboarded succesfully?

if so, you'll want to reach out to to have your serial numbers added to the elegible devices

by DrewMorrow
on ‎07-06-2018 12:45 PM

Hi @reaper

I registered but have yet to be confirmed. Will the code I get allow me to send it to a couple users? Or is it a one time use kind of thing?


Should I share the app download code once I get it?



by Community Manager
on ‎07-06-2018 01:06 PM

hi @DrewMorrow


a serial of one of your devices needs to be activated to be elegible to download the software, but after that it lives on the firewall pretty much the same way other GP clients do, and you can distribute to as many users as you like

You will not be able to share the software from the support portal directly, except for other users in your org that have access to the support portal. You will be able to download the installer and distribute it internally, or host it on the firewall's GlobalProtect portal 


hope this helps!

by WTam
on ‎07-09-2018 09:50 AM

 Here is the correct beta registration link:



by WTam
on ‎07-09-2018 09:56 AM

@DrewMorrow and @reaper


The iOS beta software is by invite only.  It can only be download to Apple device only and cannot be distribute by the firewall.. 


You should have received an email with TestFlight link from Apple.

Open the  invitation and click "View in TestFlight".

It should have opened the web page with redeem code button and save this code.

Click the link to install TestFlight. After the install and open TestFlight it will say "Tester Removed". (It's OK.)

Now click REDEEM button and enter the new redeem code that you just saved.




by DrewMorrow
on ‎07-11-2018 05:16 AM

Hi @WTam,

Is it possible to get a user the IOS app? Or would they need to make an account and have our firewall info in order to do so?


I got it working fine on mine.



by DrewMorrow
on ‎07-18-2018 05:47 AM

Hi @reaper,

Is it possible to get an end user the IOS app? Or would they need to make an account and have our firewall info in order to do so?


I got it working fine on mine but I have an account and my end user will not.



by WTam
on ‎07-18-2018 09:24 AM

No, by invite only.

They can register for the beta.



by saksiutin
on ‎08-03-2018 09:36 PM

Hi Live Community,


If I have issues accessing vpn with beta version of the app where can I provide a feedback and get some assistance?




by Community Manager
on ‎08-06-2018 02:19 AM
by Jas0nP
2 weeks ago

Where is this on being released, support told me next week and that was 3 weeks ago? Is there an ETA on release in the App store? I have multiple users who can't use the vpn because on the incompatability with iOS 12....


by Community Manager
2 weeks ago

hi @Jas0nP


Have you registered for the Beta already? Since GlobalProtect 5.0 is still in beta, it could still be a while. You can register and check with the folks that run the beta for more information, or reach out to your sales rep

by WTam
2 weeks ago

Beta for GlobalProtect (GP) 5.0 has concluded. 

The GP app is currently in Apple approval process. 




by harevalo_eog

GlobalProtect v5 just went out today. Still looking for the documentation for the configuration keys. We use AirWatch as our MDM and our current VPN profile does not apply to v5 app. So we need to set new config keys to pre-configure everything. What a mess.

by TimJohnson1

Agreed harevalo_eog


Where is the documentation?! Its iOS 12 launch day.

by TimJohnson1

8 hours later + 3 calls to Palo support and no documentation......


This is a very poor way to do business. When are Palo going to get their act together on this?

by JavierM

Hi guys, I have a GP 4.1.5 as my enterpise solution for VPN with certificate auth. today i make a test with an ipad with IOS 12.

with the GP 5.0 but didnt work, you know if we need to add more config to work with GP 5.0? or i just a SW issue.


by TimJohnson1

Thanks WTam that’s a start but it doesn’t entirely help us


what options do we choose for Citrix XenMobile with certificate based auth? I can’t see Palo listed anywhere on Citrix documentation at


previously we used the XML sample from Palo but this new documentation seems to be a case of if you don’t use AirWatch then you’re on your own!



by Community Manager

hi @TimJohnson1


Have you sought assistance through the beta forum, as beta products are not supported through regular support channels


by WTam

The beta has concluded... please report any issue to support. 

I will continue to monitor both forums to insure we have coverage for issue reported. 



I will check with documentation team regarding "Citrix XenMobile".




We have had some issues with using GP v 5.0 and iOS 12 with Per App VPN settings.

In Workspace ONE / AirWatch you can choose between AppProxy (applayer) and PacketTunnel (IP) types.

Before we had AppProxy, should we now use PacketTunnel as the ProviderType?
I found that AppProxy did not work, but PacketTunnel did.
Using Client certs as authentication.


by sarao

App Proxy is an older technology and not supported GlobalProtect App 5.0. Please use PacketTunnel as Provider Type.

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community