GlobalProtect App 5.0 Beta for iOS 12

by ebang on ‎07-03-2018 02:29 PM - edited on ‎07-10-2018 11:39 PM by Community Manager (11,019 Views)

GlobalProtect app 4.1.x and earlier releases do not support iOS 12. With added support for iOS 12 in the upcoming GlobalProtect app 5.0 for iOS, Palo Alto Networks is announcing the beta availability of GlobalProtect app 5.0 for iOS to prepare you for the iOS 12 release.

 

NOTE: GlobalProtect app 5.0 beta supports iOS 10 and later releases.

 

You can register to test GlobalProtect app 5.0 beta at: https://beta.paloaltonetworks.com/Registration/Index?betaID=155. Upon registration and approval, you will be provided with the GlobalProtect app 5.0 beta software and related documentation, including the beta Release Notes, New Features Guide, and MDM VPN profile configuration details. You can also view the beta documentation on the Live Community Beta Portal.

 

NOTE: After your beta registration is approved, you will receive an email from the Apple TestFlight program to the email address that you provided during registration. Please open this email from your iOS endpoint, and then follow the instructions to install the TestFlight app and then GlobalProtect app 5.0 beta from within the TestFlight app.

 

This article provides the following information on how to deploy GlobalProtect app 5.0 beta to beta users:

 

NOTE: We recommend that GlobalProtect app 5.0 beta users uninstall GlobalProtect app 4.1.x before installing GlobalProtect app 5.0 beta on their iOS endpoints.

 

Replacing GlobalProtect App 4.1.x and Earlier Releases with GlobalProtect App 5.0 Beta for Beta Users

Use the following workflows to replace GlobalProtect app 4.1.x and earlier releases with GlobalProtect app 5.0 beta for beta users on iOS endpoints:

Beta Deployment options

Workflow

Manual installation of GlobalProtect app 5.0 beta

All beta users must use the following steps to install GlobalProtect app 5.0 beta manually:

1.     Take note of your portal address and user credentials (if applicable), as you will need to re-enter them on the new GlobalProtect app.

2.     Uninstall previous versions of the GlobalProtect app (4.1.x and earlier releases) from your iOS endpoint.

3.     Install the TestFlight app from the App Store.

4.     Contact your GlobalProtect administrator to request access to GlobalProtect app 5.0 beta.

5.     When you receive the beta invitation email, tap the link to Open in TestFlight.

6.     From the TestFlight app, INSTALL GlobalProtect app 5.0 beta.

7.     After GlobalProtect app 5.0 beta installs successfully, launch the app.

8.     When prompted, enter the following information:

·       Portal Address

·       (Optional) Username and Password

Deployment of VPN profiles for beta users from a mobile device management system

(for managed endpoints)

If you manage iOS endpoints using a mobile device management (MDM) system, use the following steps to deploy a VPN profile for your beta users from the MDM:

1.     On the MDM, create a custom VPN profile.

a.     (Optional) If you are using client certificate-based authentication, deploy a client certificate.

b.     (Optional) If you are using MDM integration for HIP-based policy enforcement, specify the UDID attribute.

2.     Deploy the custom VPN profile on all enrolled iOS endpoints that will be using GlobalProtect app 5.0 beta.

3.     Delete the VPN profiles and client certificates associated with previous versions of the GlobalProtect app (4.1.x and earlier releases) from the MDM.

After you deploy the VPN profile, beta users must re-enter any information that is not pushed from the MDM server on the new app:

1.     Launch GlobalProtect app 5.0 beta.

2.     (Optional) If your MDM administrator has not specified a portal address in the VPN profile, enter the Portal Address.

3.     (Optional) If prompted, enter your Username and Password.

Mobile Device Management Changes for Beta Users

In order for GlobalProtect app 5.0 beta to deploy and connect successfully in MDM-based deployments, you must push updated VPN profiles that reference the new GlobalProtect app from the MDM server to all enrolled mobile endpoints that will be using the app.

 

NOTE: You can contact your MDM vendor for assistance with implementing these changes.

Comments
by DrewMorrow
on ‎07-04-2018 10:53 AM
by Community Manager
on ‎07-05-2018 04:13 AM

Thanks for the report @DrewMorrow.

We'll review and fix asap

by Community Manager
on ‎07-05-2018 09:45 AM

@DrewMorrow fixed!

by GOSWH
on ‎07-06-2018 11:56 AM

I can hit the beta site with no issue. I have no devices listed and click submit, to get to the next step, but an error message appears:

 

"Please select devices."

 

So I'm still in a catch 22. The beta site says that if you don't have any devices listed, click submit. And when I do, I get the above. 

 

Any suggestions?

 

Thanks!

 

//Shawn

by Community Manager
on ‎07-06-2018 12:17 PM

hi @GOSWH

 

Have you gone through the registration and have you received confirmation you were onboarded succesfully?

if so, you'll want to reach out to betasupport@paloaltonetworks.com to have your serial numbers added to the elegible devices

by DrewMorrow
on ‎07-06-2018 12:45 PM

Hi @reaper

I registered but have yet to be confirmed. Will the code I get allow me to send it to a couple users? Or is it a one time use kind of thing?

 

Should I share the app download code once I get it?

 

Thanks,
Drew

by Community Manager
on ‎07-06-2018 01:06 PM

hi @DrewMorrow

 

a serial of one of your devices needs to be activated to be elegible to download the software, but after that it lives on the firewall pretty much the same way other GP clients do, and you can distribute to as many users as you like

You will not be able to share the software from the support portal directly, except for other users in your org that have access to the support portal. You will be able to download the installer and distribute it internally, or host it on the firewall's GlobalProtect portal 

 

hope this helps!

by WTam
on ‎07-09-2018 09:50 AM

 Here is the correct beta registration link:

https://beta.paloaltonetworks.com/Registration/Index?betaID=155

 

-Warren

by WTam
on ‎07-09-2018 09:56 AM

@DrewMorrow and @reaper

 

The iOS beta software is by invite only.  It can only be download to Apple device only and cannot be distribute by the firewall.. 

 

You should have received an email with TestFlight link from Apple.

Open the  invitation and click "View in TestFlight".

It should have opened the web page with redeem code button and save this code.

Click the link to install TestFlight. After the install and open TestFlight it will say "Tester Removed". (It's OK.)

Now click REDEEM button and enter the new redeem code that you just saved.

 

-Warren

 

by DrewMorrow
on ‎07-11-2018 05:16 AM

Hi @WTam,

Is it possible to get a user the IOS app? Or would they need to make an account and have our firewall info in order to do so?

 

I got it working fine on mine.

 

Thanks,
Drew

by DrewMorrow
on ‎07-18-2018 05:47 AM

Hi @reaper,

Is it possible to get an end user the IOS app? Or would they need to make an account and have our firewall info in order to do so?

 

I got it working fine on mine but I have an account and my end user will not.

 

Thanks,
Drew

by WTam
on ‎07-18-2018 09:24 AM

No, by invite only.

They can register for the beta.

https://beta.paloaltonetworks.com/Registration/Index?betaID=155

 

-Warren

by saksiutin
on ‎08-03-2018 09:36 PM

Hi Live Community,

 

If I have issues accessing vpn with beta version of the app where can I provide a feedback and get some assistance?

 

Regards,

Serhii

by Community Manager
on ‎08-06-2018 02:19 AM
by Jas0nP
2 weeks ago

Where is this on being released, support told me next week and that was 3 weeks ago? Is there an ETA on release in the App store? I have multiple users who can't use the vpn because on the incompatability with iOS 12....

 

by Community Manager
2 weeks ago

hi @Jas0nP

 

Have you registered for the Beta already? Since GlobalProtect 5.0 is still in beta, it could still be a while. You can register and check with the folks that run the beta for more information, or reach out to your sales rep

by WTam
2 weeks ago

Beta for GlobalProtect (GP) 5.0 has concluded. 

The GP app is currently in Apple approval process. 

 

Regards,

-Warren

by harevalo_eog
Saturday

GlobalProtect v5 just went out today. Still looking for the documentation for the configuration keys. We use AirWatch as our MDM and our current VPN profile does not apply to v5 app. So we need to set new config keys to pre-configure everything. What a mess.

by TimJohnson1
Monday

Agreed harevalo_eog

 

Where is the documentation?! Its iOS 12 launch day.

by TimJohnson1
Monday

8 hours later + 3 calls to Palo support and no documentation......

 

This is a very poor way to do business. When are Palo going to get their act together on this?

by JavierM
Monday

Hi guys, I have a GP 4.1.5 as my enterpise solution for VPN with certificate auth. today i make a test with an ipad with IOS 12.

with the GP 5.0 but didnt work, you know if we need to add more config to work with GP 5.0? or i just a SW issue.

Regards

by TimJohnson1
Monday

Thanks WTam that’s a start but it doesn’t entirely help us

 

what options do we choose for Citrix XenMobile with certificate based auth? I can’t see Palo listed anywhere on Citrix documentation at https://docs.citrix.com/en-us/xenmobile/server/policies/vpn-policy.html#ios-settings

 

previously we used the XML sample from Palo but this new documentation seems to be a case of if you don’t use AirWatch then you’re on your own!

 

 

by Community Manager
Tuesday

hi @TimJohnson1

 

Have you sought assistance through the beta forum, as beta products are not supported through regular support channels

 

https://live.paloaltonetworks.com/t5/Rosewood-Beta/ct-p/BetaRosewood

 

by WTam
Tuesday

The beta has concluded... please report any issue to support. 

I will continue to monitor both forums to insure we have coverage for issue reported. 

 

@TimJohnson1

I will check with documentation team regarding "Citrix XenMobile".

 

-Warren

by IKT-SMK
Tuesday

Hi.
We have had some issues with using GP v 5.0 and iOS 12 with Per App VPN settings.

In Workspace ONE / AirWatch you can choose between AppProxy (applayer) and PacketTunnel (IP) types.

Before we had AppProxy, should we now use PacketTunnel as the ProviderType?
I found that AppProxy did not work, but PacketTunnel did.
Using Client certs as authentication.

Thanks.

by sarao
Wednesday

App Proxy is an older technology and not supported GlobalProtect App 5.0. Please use PacketTunnel as Provider Type.

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community
Contributors