GlobalProtect App 5.0 Beta for iOS 12
Resolution
GlobalProtect app 4.1.x and earlier releases do not support iOS 12. With added support for iOS 12 in the upcoming GlobalProtect app 5.0 for iOS, Palo Alto Networks is announcing the beta availability of GlobalProtect app 5.0 for iOS to prepare you for the iOS 12 release.
NOTE: GlobalProtect app 5.0 beta supports iOS 10 and later releases.
You can register to test GlobalProtect app 5.0 beta at: https://beta.paloaltonetworks.com/Registration/Index?betaID=155. Upon registration and approval, you will be provided with the GlobalProtect app 5.0 beta software and related documentation, including the beta Release Notes, New Features Guide, and MDM VPN profile configuration details. You can also view the beta documentation on the Live Community Beta Portal.
NOTE: After your beta registration is approved, you will receive an email from the Apple TestFlight program to the email address that you provided during registration. Please open this email from your iOS endpoint, and then follow the instructions to install the TestFlight app and then GlobalProtect app 5.0 beta from within the TestFlight app.
This article provides the following information on how to deploy GlobalProtect app 5.0 beta to beta users:
- Replacing GlobalProtect App 4.1.x and Earlier Releases with GlobalProtect App 5.0 Beta for Beta Users
- Mobile Device Management Changes for Beta Users
NOTE: We recommend that GlobalProtect app 5.0 beta users uninstall GlobalProtect app 4.1.x before installing GlobalProtect app 5.0 beta on their iOS endpoints.
Replacing GlobalProtect App 4.1.x and Earlier Releases with GlobalProtect App 5.0 Beta for Beta Users
Use the following workflows to replace GlobalProtect app 4.1.x and earlier releases with GlobalProtect app 5.0 beta for beta users on iOS endpoints:
Beta Deployment options |
Workflow |
Manual installation of GlobalProtect app 5.0 beta |
All beta users must use the following steps to install GlobalProtect app 5.0 beta manually: 1. Take note of your portal address and user credentials (if applicable), as you will need to re-enter them on the new GlobalProtect app. 2. Uninstall previous versions of the GlobalProtect app (4.1.x and earlier releases) from your iOS endpoint. 3. Install the TestFlight app from the App Store. 4. Contact your GlobalProtect administrator to request access to GlobalProtect app 5.0 beta. 5. When you receive the beta invitation email, tap the link to Open in TestFlight. 6. From the TestFlight app, INSTALL GlobalProtect app 5.0 beta. 7. After GlobalProtect app 5.0 beta installs successfully, launch the app. 8. When prompted, enter the following information: · Portal Address · (Optional) Username and Password |
Deployment of VPN profiles for beta users from a mobile device management system (for managed endpoints) |
If you manage iOS endpoints using a mobile device management (MDM) system, use the following steps to deploy a VPN profile for your beta users from the MDM: 1. On the MDM, create a custom VPN profile. a. (Optional) If you are using client certificate-based authentication, deploy a client certificate. b. (Optional) If you are using MDM integration for HIP-based policy enforcement, specify the UDID attribute. 2. Deploy the custom VPN profile on all enrolled iOS endpoints that will be using GlobalProtect app 5.0 beta. 3. Delete the VPN profiles and client certificates associated with previous versions of the GlobalProtect app (4.1.x and earlier releases) from the MDM. After you deploy the VPN profile, beta users must re-enter any information that is not pushed from the MDM server on the new app: 1. Launch GlobalProtect app 5.0 beta. 2. (Optional) If your MDM administrator has not specified a portal address in the VPN profile, enter the Portal Address. 3. (Optional) If prompted, enter your Username and Password. |
Mobile Device Management Changes for Beta Users
In order for GlobalProtect app 5.0 beta to deploy and connect successfully in MDM-based deployments, you must push updated VPN profiles that reference the new GlobalProtect app from the MDM server to all enrolled mobile endpoints that will be using the app.
NOTE: You can contact your MDM vendor for assistance with implementing these changes.